// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
ColdRecon / Breach Radar / Instagram
Breach Record

Instagram

DISCLOSED 2026-01-07 · STOLEN CREDS · 6,215,150 RECORDS EXPOSED

In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears...

The record

What we know

Disclosed
2026-01-07
Attack vector
Stolen Creds
Records exposed
6,215,150
Domain
instagram.com
Data classes exposed
Display namesEmail addressesGeographic locationsPhone numbersUsernames
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Instagram disclosure. It updates if new public reporting emerges. All tracked breaches →

Instagram just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →