Instagram Vendor Cyber Rating & Cyber Score

instagram.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

More than one billion people around the world use Instagram, and we’re proud to be bringing them closer to the people and things they love. Instagram inspires people to see the world differently, discover new interests, and express themselves. Since launching in 2010, our community has grown at a rapid pace. Our teams are growing fast, too, and we’re looking for talent across engineering, product management, design, research, analytics, technical program management, operations, and more. In addition to our headquarters in Menlo Park, we have thriving offices in New York City and San Francisco where teams are doing impactful work every day.

Instagram A.I CyberSecurity Scoring

Instagram

Company Details

Linkedin ID:

instagram

Website:

http://www.instagram.com

Employees number:

47,052

Number of followers:

1,398,977

NAICS:

5112

Industry Type:

Software Development

Homepage:

instagram.com

IP Addresses:

Scan still pending

Company ID:

INS_3401594

Scan Status:

In-progress

AI scoreInstagram Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/instagram.jpeg
Instagram Software Development
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreInstagram Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/instagram.jpeg
Instagram Software Development
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Instagram

Critical
Current Score
538
C (Critical)
01000
8 incidents
-47.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

APRIL 2026
538
MARCH 2026
535
FEBRUARY 2026
574
Breach
12 Feb 2026 • Instagram: No Breach, Real Risk: The Data Privacy Threats CX Leaders Can’t Ignore
Instagram Data Exposure Highlights Growing Risks of 'Cumulative Identity Theft'

**Instagram Data Exposure Highlights Growing Risks of "Cumulative Identity Theft"** A recent incident involving Instagram has sparked debate over what constitutes a data breach and why even "non-breach" exposures can erode customer trust. In an interview with *CX Today*, Ron Zayas, CEO of Ironwall by Incogni, warns that traditional security definitions fail to account for the dangers of *cumulative risk*, where seemingly harmless data leaks combine to fuel sophisticated cyber threats. Zayas argues that aggregated identity data such as names, email addresses, or behavioral patterns can enable attackers to craft highly targeted phishing and impersonation schemes, even without a confirmed system intrusion. He draws a parallel to banking: customers don’t wait for a direct theft to lose confidence in a bank’s security; the same applies to companies handling personal data. Once trust is damaged, loyalty follows. The discussion also underscores the importance of transparent crisis communication. Zayas advises leaders to avoid minimizing incidents or relying on legal loopholes, instead treating customer data with the same urgency as financial assets. Key recommendations include limiting third-party data sharing and providing affected users with clear, actionable guidance. The incident serves as a reminder that privacy is now a critical driver of customer loyalty, and how organizations respond to exposure regardless of breach status can determine long-term reputational impact.

529
critical -45
INS1770907632
Incident Details -
Type
Data Exposure
Motivation
Phishing and impersonation schemes
Impact
Data Compromised: Names, email addresses, behavioral patterns Brand Reputation Impact: Erosion of customer trust and loyalty Identity Theft Risk: High (cumulative identity theft risk)
Response
Communication Strategy: Transparent crisis communication advised; avoid minimizing incidents or relying on legal loopholes
Data Breach
Type Of Data Compromised: Personally identifiable information (names, email addresses, behavioral patterns) Sensitivity Of Data: High (enables targeted attacks) Personally Identifiable Information: Names, email addresses, behavioral patterns
Lessons Learned
Traditional security definitions fail to account for cumulative risk. Privacy is a critical driver of customer loyalty, and organizations must treat customer data with the same urgency as financial assets.
Recommendations
Limit third-party data sharing Provide affected users with clear, actionable guidance Avoid minimizing incidents or relying on legal loopholes Treat customer data with urgency
Customer Advisories
Provide affected users with clear, actionable guidance
Post Incident Analysis
Root Causes: Aggregated identity data exposure enabling cumulative identity theft
References
Blog URL Source URL
FEBRUARY 2026
587
Cyber Attack
02 Feb 2026 • Google, Facebook, Instagram, Amazon, Flipkart, Paytm, Coinbase and PayPal: ZeroDayRAT Malware Strikes Android and iOS Devices for Real-Time Spying
ZeroDayRAT: A Rising Mobile Spyware Threat with Global Reach

**ZeroDayRAT: A Rising Mobile Spyware Threat with Global Reach** Since February 2, 2026, **ZeroDayRAT**, a sophisticated mobile spyware platform, has been sold openly on **Telegram channels**, offering cybercriminals an accessible tool for large-scale surveillance and financial theft. Developed and marketed through dedicated groups for sales, support, and updates, the malware targets **Android (versions 5–16) and iOS (up to version 26, including iPhone 17 Pro)** with minimal technical expertise required. Operators gain **real-time control** via a browser-based dashboard, enabling **live spying, data theft, and financial attacks** against victims worldwide. Infections typically begin through **social engineering tactics**, including **smishing texts, phishing emails, fake app stores, or malicious links** shared on WhatsApp and Telegram. Once installed via an APK on Android or a payload on iOS ZeroDayRAT grants **full device access** without the victim’s knowledge. ### **Surveillance & Data Exfiltration Capabilities** The spyware’s dashboard provides a **comprehensive overview** of compromised devices, including: - **Device details**: Model, OS version, battery level, country, lock status, SIM/carrier info, and dual-SIM numbers. - **User profiling**: App usage timelines, peak activity hours, and network providers. - **Real-time notifications**: Intercepted alerts from WhatsApp, Instagram, Telegram, YouTube, and system events. - **Location tracking**: GPS data mapped on Google Maps, with historical movement records (e.g., a device in **Bengaluru**). - **Account harvesting**: Usernames/emails from Google, WhatsApp, Instagram, Facebook, Amazon, Flipkart, PhonePe, Paytm, and Spotify enabling **account takeovers or follow-up phishing**. - **SMS access**: Full inbox search, message spoofing, and **OTP interception**, bypassing SMS-based two-factor authentication (2FA). ### **Advanced Surveillance & Financial Theft** ZeroDayRAT escalates beyond passive monitoring with **active spying tools**: - **Live camera/microphone streams** (front/back) synced with GPS for **real-time tracking**. - **Keylogging**: Captures keystrokes, biometrics, gestures, and app launches, paired with a **live screen preview** to steal passwords and sensitive inputs. - **Crypto theft**: Targets wallets like **MetaMask, Trust Wallet, Binance, and Coinbase**, swapping clipboard addresses to **hijack transactions**. - **Banking attacks**: Compromises **UPI apps (PhonePe, Google Pay), Apple Pay, and PayPal** via credential overlays, blending traditional and cryptocurrency theft. ### **Global Impact** Evidence from the dashboard shows **compromised devices in multiple countries**, including **India and the U.S.**, underscoring the spyware’s **widespread deployment**. With its **low barrier to entry** and **commercial availability**, ZeroDayRAT represents a growing threat to **individual privacy, financial security, and organizational data integrity**.

573
critical -14
AMAINSCOIGOOFLIPAYPAYMET1771309885
Incident Details -
Type
Spyware
Attack Vector
smishing phishing fake app stores malicious links
Motivation
surveillance financial theft data exfiltration
Impact
Financial Loss: Crypto theft, banking attacks (UPI, Apple Pay, PayPal), OTP interception Data Compromised: Device details, user profiling, account credentials, SMS, location data, camera/microphone streams, keystrokes Android (versions 5–16) iOS (up to version 26) Operational Impact: Account takeovers, unauthorized transactions, privacy violations Identity Theft Risk: High (PII exposure, account takeovers) Payment Information Risk: High (UPI, banking apps, crypto wallets)
Data Breach
PII account credentials SMS location data keystrokes camera/microphone streams Sensitivity Of Data: High (financial, personal, biometric) Data Exfiltration: Yes (via dashboard) Personally Identifiable Information: Yes (usernames, emails, phone numbers, GPS data)
Initial Access Broker
smishing phishing fake app stores malicious links Backdoors Established: APK (Android), payload (iOS) Crypto wallets banking apps UPI apps
Post Incident Analysis
Root Causes: Commercial availability of spyware, low barrier to entry for cybercriminals, social engineering tactics
References
Blog URL Source URL
JANUARY 2026
646
Breach
09 Jan 2026 • Instagram: Instagram Data Breach Exposes 17.5 Million Users' Emails and Phones
Instagram’s Hidden Vulnerabilities: The Breach That Shook 17.5 Million Accounts

**Instagram Data Leak Exposes 17.5 Million Accounts in Early 2026** In January 2026, a significant data leak exposed personal information belonging to approximately 17.5 million Instagram users. The breach, first reported by cybersecurity outlets, involved sensitive data including emails, phone numbers, and usernames now circulating on dark web forums. The incident surfaced amid a surge in suspicious password reset emails sent to users, raising concerns about phishing campaigns exploiting the leaked data. Meta, Instagram’s parent company, denied a direct breach of its systems, attributing the exposure to third-party scraping or historical vulnerabilities. However, independent analysts suggest the data may have originated from Instagram’s API, citing past incidents where outdated or poorly secured interfaces were exploited. A 2024 API leak, for example, allowed attackers to harvest user details through automated scripts. The leaked dataset, which first appeared on dark web markets around January 9, 2026, includes biographical details and regional targeting, particularly in Germany. Cybersecurity experts warn of increased risks of identity theft, phishing attacks, and impersonation schemes, especially for businesses and influencers reliant on the platform. User reports on X (formerly Twitter) describe unsolicited password reset requests, while posts from cybersecurity accounts confirm the sale of the data in underground markets. The breach has reignited criticism of Meta’s security practices, with comparisons drawn to past incidents, including a 2017 API bug that exposed verified accounts and a 2018 flaw that leaked passwords in plaintext. Regulatory scrutiny is expected, particularly under frameworks like the GDPR, as the incident underscores broader industry challenges in safeguarding user data. While Meta has encouraged users to enable two-factor authentication and report suspicious activity, experts emphasize the need for stronger encryption, regular audits, and transparent reporting to prevent future breaches. The fallout highlights the ongoing tension between connectivity and security in social media, with users and regulators alike demanding greater accountability from platforms. As investigations continue, the full impact of the leak remains under assessment.

583
critical -63
INS1768224283
Incident Details -
Type
Data Breach
Attack Vector
API Vulnerability Exploitation, Third-Party Scraping
Vulnerability Exploited
Outdated or poorly secured API interfaces
Motivation
Data Exfiltration for Financial Gain, Identity Theft, Phishing Campaigns
Impact
Data Compromised: Emails, phone numbers, usernames, biographical details Systems Affected: Instagram API, User Accounts Operational Impact: Increased phishing attacks, potential account takeovers Customer Complaints: Growing frustration and backlash from users on social media Brand Reputation Impact: Eroding trust in Meta’s ability to safeguard user information Legal Liabilities: Potential fines under GDPR and other regulatory frameworks Identity Theft Risk: High risk of identity theft and targeted scams
Response
Containment Measures: Encouraged users to report suspicious activity, rolled out security best practice reminders Remediation Measures: Recommended password changes, enabling two-factor authentication (2FA) Communication Strategy: Public statements downplaying the breach, assurances that internal systems were not compromised
Data Breach
Emails Phone numbers Usernames Biographical details Number Of Records Exposed: 17.5 million Sensitivity Of Data: High (Personally Identifiable Information) Data Exfiltration: Data allegedly sold on dark web forums Personally Identifiable Information: Yes
Regulatory Compliance
GDPR (potential)
Lessons Learned
Recurring challenges in maintaining robust security for API interfaces, need for stronger encryption and regular audits, importance of transparent reporting mechanisms, and user-centric data protection policies.
Recommendations
Use password managers to generate unique credentials Avoid reusing passwords across sites Enable app-based two-factor authentication (2FA) over SMS Monitor credit reports for signs of identity theft Regularly review account activity and settings Verify email authenticity and avoid clicking suspicious links Adopt minimalism in sharing personal details online Organizations should conduct regular vulnerability assessments and employee training on phishing recognition
Investigation Status
Ongoing
Customer Advisories
Users urged to avoid clicking suspicious links, change passwords directly through the app, enable two-factor authentication (2FA), and report suspicious activity.
Stakeholder Advisories
Businesses and influencers advised to monitor for unauthorized access and diversify their online presence to mitigate risks.
Initial Access Broker
Entry Point: API vulnerabilities, third-party scraping Data Sold On Dark Web: Yes
Post Incident Analysis
Root Causes: Outdated or poorly secured API interfaces, third-party scraping activities, historical vulnerabilities in data handling and privacy protocols Corrective Actions: Potential updates to API and security infrastructure, stricter oversight and regulatory compliance, adoption of more transparent reporting mechanisms
References
Blog URL Source URL
DECEMBER 2025
643
NOVEMBER 2025
642
OCTOBER 2025
638
SEPTEMBER 2025
635
AUGUST 2025
631
JULY 2025
627
JUNE 2025
623
MAY 2025
684
Breach
18 May 2025 • Facebook, Snapchat, Instagram and Roblox: 184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online
Exposure of 184 Million Unique Login Credentials via Unsecured Database

**Massive Infostealer Database Exposes 184 Million Credentials in Latest Cybersecurity Threat** Cybersecurity researcher Jeremiah Fowler recently uncovered an unsecured database containing over **184 million unique login credentials**, underscoring the escalating danger posed by **infostealer malware**. The exposed data—including emails, passwords, and authorization URLs—spanned a wide range of services, from **Microsoft, Facebook, and Instagram to financial institutions, healthcare portals, and government accounts**. Unlike traditional data breaches, this trove was likely **compiled by infostealers**, a type of malware designed to silently extract credentials from infected devices. These malicious programs harvest data from browsers, email clients, messaging apps, and even cryptocurrency wallets, often spreading via **phishing emails, malicious websites, or cracked software**. The database’s removal from public access does not mitigate the broader threat, as infostealers continue to operate at scale. The sheer volume of exposed credentials suggests **millions of individuals** may be affected, though the number of unique victims is likely lower due to multiple accounts per user. Modern infostealers go beyond simple password theft, capturing **autofill data, cookies, screenshots, and keystrokes**, enabling attackers to bypass security measures and launch **credential stuffing attacks, account takeovers, identity theft, and targeted phishing campaigns**. This incident highlights the **pervasive nature of infostealer infections**, which allow cybercriminals to build detailed profiles of victims’ digital lives. While the exposed database has been secured, the underlying threat remains, with malware like **Lumma Stealer** (recently disrupted by authorities) representing just one of many sophisticated variants in circulation.

618
critical -66
FACSNAINSROB1766549037
Incident Details -
Type
Data Exposure
Attack Vector
Infostealer Malware
Vulnerability Exploited
Unsecured database, malware infection via phishing emails/malicious websites/cracked software
Motivation
Financial gain, identity theft, corporate espionage, credential stuffing attacks
Impact
Data Compromised: 184 million unique login credentials (emails, passwords, authorization URLs) Systems Affected: Infected devices (browsers, email clients, messaging apps, crypto wallets) Brand Reputation Impact: Potential reputational damage for affected services and users Identity Theft Risk: High
Response
Third Party Assistance: Cybersecurity researcher (Jeremiah Fowler) Containment Measures: Database removed from public view Communication Strategy: Public advisory on protective measures
Data Breach
Emails Passwords Authorization URLs Autofill data Cookies Screenshots Keystrokes Number Of Records Exposed: 184 million Sensitivity Of Data: High (personally identifiable information, login credentials) Data Exfiltration: Yes (via infostealers) Personally Identifiable Information: Yes
Lessons Learned
Infostealers pose a growing threat by silently harvesting credentials and sensitive data from infected devices. The scale of exposure highlights the need for proactive monitoring, password hygiene, and malware protection.
Recommendations
Change passwords regularly and avoid reuse across accounts. Enable two-factor authentication (2FA). Audit and clean email inboxes of sensitive documents. Use up-to-date anti-malware solutions. Educate on phishing recognition. Monitor digital footprint using tools like Malwarebytes' Digital Footprint Portal.
Investigation Status
Database secured, but infostealer threat remains ongoing
Customer Advisories
Public advisory on protective steps (password changes, 2FA, malware scans).
Stakeholder Advisories
Service providers and users urged to enhance security measures against infostealers.
Initial Access Broker
Entry Point: Phishing emails, malicious websites, cracked software Data Sold On Dark Web: Likely (e.g., Lumma Stealer data traded on dark web)
Post Incident Analysis
Root Causes: Infostealer malware infections, unsecured database storage, lack of proactive monitoring Corrective Actions: Database secured, public awareness raised, but ongoing threat requires continuous vigilance.
References
Blog URL Source URL
JANUARY 2025
692
Cyber Attack
08 Jan 2025 • Malwarebytes and Instagram: Mass glitch? Instagram users get unexpected password reset emails
Instagram Data Breach and Unauthorized Password Reset Emails

**Mass Instagram Password Reset Emails Spark Data Breach Concerns** On January 8, 2025, Instagram users worldwide began receiving unsolicited password reset emails from the platform’s official domain (*[email protected]*). The messages, which appeared legitimate—complete with proper formatting and verification marks—triggered widespread confusion, as no users had initiated the resets. Reports flooded social media platforms, including Reddit and X, with users questioning whether the emails were part of a targeted attack, a technical error, or evidence of a larger breach. Some users found the reset notifications missing from their Instagram security logs, while others received identical emails after manually changing their passwords—a sign the domain was authentic. Speculation ranged from a phishing campaign to a misconfigured system trigger, with one Reddit user in email marketing suggesting a possible "legacy system" error. The incident gained further urgency after Malwarebytes revealed on January 9 that hackers had stolen data from **17.5 million Instagram accounts**, including usernames, physical addresses, phone numbers, and email addresses. The stolen data, now circulating on the dark web, could enable cybercriminals to impersonate brands or launch credential-stuffing attacks. The timing of the password reset emails aligns with the breach, raising concerns that the two events may be connected. Meta, Instagram’s parent company, has yet to issue a public statement. The global scale of the reset emails—affecting users across multiple time zones—suggests a systemic issue rather than isolated incidents. As of now, the cause remains unconfirmed, though the overlap with the reported breach has intensified scrutiny.

672
low -20
MALINS1768030474
Incident Details -
Type
Data Breach
Attack Vector
Unknown (potentially unauthorized access or technical error)
Motivation
Financial gain (data sold on dark web)
Impact
Data Compromised: 17.5 million records Systems Affected: Instagram user accounts Operational Impact: Unauthorized password reset emails sent to users Customer Complaints: High (global reports on Reddit and X) Brand Reputation Impact: Significant (Meta/Instagram yet to issue statement) Identity Theft Risk: High (PII exposed)
Response
Communication Strategy: No official statement from Meta/Instagram
Data Breach
Usernames Physical addresses Phone numbers Email addresses Number Of Records Exposed: 17.5 million Sensitivity Of Data: High (Personally Identifiable Information) Data Exfiltration: Yes (data being sold on dark web) Personally Identifiable Information: Yes
Recommendations
Users should manually reset passwords via the Instagram app and enable two-factor authentication.
Investigation Status
Ongoing
Customer Advisories
Ignore unauthorized password reset emails; manually reset passwords via the Instagram app and enable two-factor authentication.
Initial Access Broker
Data Sold On Dark Web: Yes
Post Incident Analysis
Root Causes: Unknown (potential technical error or unauthorized access)
References
Blog URL Source URL
NOVEMBER 2024
701
Cyber Attack
01 Nov 2024 • Instagram
AI-Generated Influencer Accounts on Instagram

Instagram faces an explosion of AI-generated influencer accounts using deepfake technology to steal videos from real models and monetize them. This trend undermines the platform's credibility and the income of authentic creators. Real models' views have plummeted, directly impacting their livelihoods. Instagram's lack of action against this widespread issue has industrialized AI exploitation, signaling a concerning shift towards AI dominance in social media content.

687
critical -14
INS000112224
Incident Details -
Type
Content Theft and Fraud
Attack Vector
Deepfake Technology
Vulnerability Exploited
Lack of Content Verification Mechanisms
Motivation
Monetization
Impact
Systems Affected: Instagram Platform Operational Impact: Reduced Views for Real Models Revenue Loss: Decreased Income for Authentic Creators Brand Reputation Impact: Undermined Platform Credibility
References
Blog URL Source URL
JUNE 2024
754
Breach
16 Jun 2024 • Instagram: 17.5 Million Instagram Accounts Exposed in Major Data Leak
Massive Instagram Data Breach Exposes 17.5 Million Users’ Personal Information

**Massive Instagram Data Breach Exposes 17.5 Million Users’ Personal Information** A significant data breach has exposed the personal details of approximately 17.5 million Instagram users, with the compromised dataset now circulating on dark web forums. The leak, first identified by cybersecurity researchers at Malwarebytes, was posted by a threat actor under the alias “Solonik” earlier this week. The listing, titled *“INSTAGRAM.COM 17M GLOBAL USERS 2024 API LEAK,”* claims the data was harvested in late 2024 through an API vulnerability, allowing automated scraping of user profiles worldwide. The breach is particularly severe due to the depth of exposed information, which includes full names, usernames, verified email addresses, phone numbers, user IDs, and partial location data. Unlike previous leaks limited to usernames, this dataset enables cybercriminals to construct detailed profiles for targeted attacks. Screenshots of the data confirm its authenticity, showing structured records that facilitate identity theft and phishing campaigns. The incident has already led to active exploitation, with affected users reporting a surge in unsolicited password reset notifications. While passwords were not included in the leak, the combination of emails and phone numbers enables SIM-swapping attacks and sophisticated social engineering. Attackers can impersonate Instagram support or use exposed details to manipulate victims into revealing two-factor authentication (2FA) codes or login credentials. The breach is classified as a scraping incident exploiting public API endpoints rather than a direct server intrusion. However, the scale suggests a failure in rate-limiting or privacy controls, allowing threat actors to extract millions of records undetected. As of January 10, 2026, Meta has not issued a public statement addressing the 17.5 million-record dump. The incident underscores the risks of API-based data exposure and the need for enhanced security measures to prevent automated harvesting of user information.

691
critical -63
INS1769168216
Incident Details -
Type
Data Breach
Attack Vector
API Vulnerability Exploitation
Vulnerability Exploited
API scraping via automated harvesting of user profiles
Motivation
Data Exfiltration for Dark Web Sale
Impact
Data Compromised: Full names, usernames, verified email addresses, phone numbers, user IDs, partial location data Systems Affected: Instagram API endpoints Customer Complaints: Surge in unsolicited password reset notifications Brand Reputation Impact: High Identity Theft Risk: High
Data Breach
Type Of Data Compromised: Personal Identifiable Information (PII) Number Of Records Exposed: 17.5 million Sensitivity Of Data: High Data Exfiltration: Yes Data Encryption: No Personally Identifiable Information: Full names, usernames, verified email addresses, phone numbers, user IDs, partial location data
Lessons Learned
The incident underscores the risks of API-based data exposure and the need for enhanced security measures to prevent automated harvesting of user information.
Investigation Status
['Ongoing']
Initial Access Broker
Entry Point: API vulnerability Reconnaissance Period: Late 2024 Data Sold On Dark Web: Yes
Post Incident Analysis
Root Causes: Failure in rate-limiting or privacy controls for API endpoints
References
Blog URL Source URL
JANUARY 2024
809
Breach
07 Jan 2024 • Instagram: Meta denies Instagram breach impacting 17m accounts
Alleged Instagram Data Leak of 17 Million Users

**Instagram Data Leak Claims Reignite Concerns Over Old Breach and New Security Incident** A recent claim by a hacker known as *Solonik* sparked fresh alarm over a purported 2024 Instagram data leak affecting 17 million users. The hacker posted the alleged dataset on a clear web hacking forum on **7 January**, asserting it contained sensitive information including usernames, physical addresses, phone numbers, and email addresses. Cybersecurity firm **Malwarebytes** amplified the claim on **X (formerly Twitter)**, suggesting the breach was both new and severe. However, investigations revealed the dataset was not new. A separate forum member had shared an identical dataset in **2023**, describing it as a scrape of Instagram’s data though its origin remained unclear. The sample data provided by Solonik matched records from nearly **three years prior**, indicating the hacker had merely repackaged old information, a common tactic among cybercriminals. The situation grew more complex when **Instagram users reported receiving unsolicited password reset emails**, leading some observers to speculate a link between the two incidents. **Meta**, Instagram’s parent company, swiftly denied a breach but acknowledged a separate security issue. A spokesperson stated that the company had **“fixed an issue that allowed an external party to request password reset emails for some users”**, emphasizing that **“no breach of [Meta’s] systems occurred”** and that accounts remained secure. Users were advised to disregard the emails. While the **17-million-record dataset** was confirmed to be old dating back to **January 2021** and later added to **Have I Been Pwned’s (HIBP)** database its contents still pose risks. The data includes **usernames, display names, account IDs, and in some cases, geolocation, email addresses (6.2 million records), and phone numbers**, all of which could be exploited for phishing or social engineering attacks. The incident highlights the persistent threat of **repackaged breach data** and the challenges in verifying hacker claims, even as Meta works to contain unrelated security vulnerabilities.

748
critical -61
INS1768202882
Incident Details -
Type
Data Scrape / Alleged Breach
Attack Vector
API Scraping (alleged)
Vulnerability Exploited
Instagram API (alleged)
Motivation
Financial gain / Reputation among cybercriminals
Impact
Data Compromised: Usernames, physical addresses, phone numbers, email addresses, display names, account IDs, geolocation data Systems Affected: Instagram platform (alleged unauthorized access to password reset system) Operational Impact: Unauthorized password reset requests sent to users Customer Complaints: Users reported receiving unsolicited password reset emails Brand Reputation Impact: Negative publicity, user confusion, and distrust Identity Theft Risk: High (due to exposure of PII)
Response
Containment Measures: Instagram acknowledged and fixed the password reset issue Remediation Measures: Users advised to update passwords and watch for phishing attempts Communication Strategy: Public statement denying breach but acknowledging password reset issue
Data Breach
Usernames Email addresses Phone numbers Physical addresses Display names Account IDs Geolocation data Number Of Records Exposed: 17 million (6.2 million with email addresses) Sensitivity Of Data: High (Personally Identifiable Information - PII) Personally Identifiable Information: Yes
Lessons Learned
Older datasets can still pose risks; users should remain vigilant against phishing and update passwords regularly. Organizations should verify breach claims before amplifying them.
Recommendations
Update passwords and enable multi-factor authentication (MFA). Monitor for phishing attempts targeting exposed PII. Verify breach claims before public disclosure to avoid misinformation. Implement stricter API access controls to prevent scraping.
Investigation Status
Ongoing (alleged repackaged dataset; unauthorized access to password reset system confirmed)
Customer Advisories
Users should update passwords, enable MFA, and watch for phishing attempts.
Stakeholder Advisories
Meta/Instagram advised users to disregard password reset emails and update passwords.
Post Incident Analysis
Root Causes: Alleged API scraping; unauthorized access to password reset system (exact cause unclear). Corrective Actions: Fixed password reset issue; advised users to update passwords and monitor for phishing.
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Instagram is 538, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2026 was 535.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 587.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 646.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 643.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 642.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 638.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 635.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 631.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 627.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 623.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 684.

Over the past 12 months, the average per-incident point impact on Instagram’s A.I Rankiteo Cyber Score has been -47.0 points.

You can access Instagram’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/instagram.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Instagram’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/instagram.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.