Instagram Password Reset Flaw Briefly Exposed Private Data of High-Profile Users On 6 June 2026, a security flaw in Instagram’s password reset tool temporarily exposed the private email addresses and phone numbers of high-profile users, including Meta CEO Mark Zuckerberg and football star Kylian Mbappé. The vulnerability stemmed from a logic bug in the website’s code, which failed to mask sensitive contact details during password reset requests displaying full information instead of the usual redacted format (e.g., m@fb.com*). The issue gained widespread attention after screenshots of Zuckerberg’s exposed details circulated on social media, with cybersecurity accounts like vx-underground and International Cyber Digest highlighting the flaw. The latter also revealed that Mbappé’s hidden TikTok account, not publicly linked to his identity, was compromised in the same incident. Meta confirmed the bug was not the result of a system breach but rather a programming error. The company deployed an emergency fix within hours, stating that no mass data theft occurred. However, experts noted the exposure violated Meta’s own privacy policies and could potentially breach EU GDPR Article 25, which mandates data protection by design. The incident underscores broader security challenges for Instagram, which has faced multiple issues in 2026. In January, scammers exploited its password system to send millions of fake emails, while a separate dark web leak allegedly exposed 17.5 million user records. Earlier this month, threat actors also hijacked high-profile accounts, including those of the White House archive and US Space Force, by manipulating Meta’s AI customer service chatbot through prompt injection attacks. While Meta emphasized that the password reset flaw was contained, the exposure of sensitive details raises risks of phishing, SIM-swapping, and targeted account takeovers. No CVE tracking number has been assigned to the vulnerability as of reporting.

Massive Stalkerware Data Leak Exposes Private Photos, Messages of European Celebrity and Influencers Cybersecurity researcher Jeremiah Fowler discovered a major data leak involving 86,859 private images, screenshots, and messages belonging to a prominent European celebrity, entrepreneur, and media personality, as well as several social media influencers. The files stored in an unprotected, publicly accessible database revealed intimate details, including romantic conversations, phone numbers, email addresses, and images of ID documents like invoices and receipts. The breach stemmed from stalkerware, a type of spyware installed without the victim’s knowledge to monitor their device activity. Analysis indicated the software captured screenshots directly from the victim’s phone, bypassing encryption by recording messages as they appeared on-screen. The leak also included chat logs from WhatsApp, Facebook, TikTok, and Instagram, some involving influencers with millions of followers. Fowler determined the database lacked password protection, allowing anyone with internet access to view the sensitive files. While he refrained from naming the victims to protect their privacy, he contacted them using the leaked phone numbers and alerted law enforcement to halt further surveillance. Stalkerware typically requires physical access to a device for installation and can track GPS locations, read texts, and even activate the camera or microphone. Though apps like WhatsApp use end-to-end encryption, spyware circumvents this by capturing on-screen content. The incident underscores the risks of misconfigured storage and the invasive capabilities of such surveillance tools.

Instagram Data Exposure Highlights Growing Risks of "Cumulative Identity Theft" A recent incident involving Instagram has sparked debate over what constitutes a data breach and why even "non-breach" exposures can erode customer trust. In an interview with CX Today, Ron Zayas, CEO of Ironwall by Incogni, warns that traditional security definitions fail to account for the dangers of cumulative risk, where seemingly harmless data leaks combine to fuel sophisticated cyber threats. Zayas argues that aggregated identity data such as names, email addresses, or behavioral patterns can enable attackers to craft highly targeted phishing and impersonation schemes, even without a confirmed system intrusion. He draws a parallel to banking: customers don’t wait for a direct theft to lose confidence in a bank’s security; the same applies to companies handling personal data. Once trust is damaged, loyalty follows. The discussion also underscores the importance of transparent crisis communication. Zayas advises leaders to avoid minimizing incidents or relying on legal loopholes, instead treating customer data with the same urgency as financial assets. Key recommendations include limiting third-party data sharing and providing affected users with clear, actionable guidance. The incident serves as a reminder that privacy is now a critical driver of customer loyalty, and how organizations respond to exposure regardless of breach status can determine long-term reputational impact.

ZeroDayRAT: A Rising Mobile Spyware Threat with Global Reach Since February 2, 2026, ZeroDayRAT, a sophisticated mobile spyware platform, has been sold openly on Telegram channels, offering cybercriminals an accessible tool for large-scale surveillance and financial theft. Developed and marketed through dedicated groups for sales, support, and updates, the malware targets Android (versions 5–16) and iOS (up to version 26, including iPhone 17 Pro) with minimal technical expertise required. Operators gain real-time control via a browser-based dashboard, enabling live spying, data theft, and financial attacks against victims worldwide. Infections typically begin through social engineering tactics, including smishing texts, phishing emails, fake app stores, or malicious links shared on WhatsApp and Telegram. Once installed via an APK on Android or a payload on iOS ZeroDayRAT grants full device access without the victim’s knowledge. ### Surveillance & Data Exfiltration Capabilities The spyware’s dashboard provides a comprehensive overview of compromised devices, including: - Device details: Model, OS version, battery level, country, lock status, SIM/carrier info, and dual-SIM numbers. - User profiling: App usage timelines, peak activity hours, and network providers. - Real-time notifications: Intercepted alerts from WhatsApp, Instagram, Telegram, YouTube, and system events. - Location tracking: GPS data mapped on Google Maps, with historical movement records (e.g., a device in Bengaluru). - Account harvesting: Usernames/emails from Google, WhatsApp, Instagram, Facebook, Amazon, Flipkart, PhonePe, Paytm, and Spotify enabling account takeovers or follow-up phishing. - SMS access: Full inbox search, message spoofing, and OTP interception, bypassing SMS-based two-factor authentication (2FA). ### Advanced Surveillance & Financial Theft ZeroDayRAT escalates beyond passive monitoring with active spying tools: - Live camera/microphone streams (front/back) synced with GPS for real-time tracking. - Keylogging: Captures keystrokes, biometrics, gestures, and app launches, paired with a live screen preview to steal passwords and sensitive inputs. - Crypto theft: Targets wallets like MetaMask, Trust Wallet, Binance, and Coinbase, swapping clipboard addresses to hijack transactions. - Banking attacks: Compromises UPI apps (PhonePe, Google Pay), Apple Pay, and PayPal via credential overlays, blending traditional and cryptocurrency theft. ### Global Impact Evidence from the dashboard shows compromised devices in multiple countries, including India and the U.S., underscoring the spyware’s widespread deployment. With its low barrier to entry and commercial availability, ZeroDayRAT represents a growing threat to individual privacy, financial security, and organizational data integrity.

Instagram Data Leak Exposes 17.5 Million Accounts in Early 2026 In January 2026, a significant data leak exposed personal information belonging to approximately 17.5 million Instagram users. The breach, first reported by cybersecurity outlets, involved sensitive data including emails, phone numbers, and usernames now circulating on dark web forums. The incident surfaced amid a surge in suspicious password reset emails sent to users, raising concerns about phishing campaigns exploiting the leaked data. Meta, Instagram’s parent company, denied a direct breach of its systems, attributing the exposure to third-party scraping or historical vulnerabilities. However, independent analysts suggest the data may have originated from Instagram’s API, citing past incidents where outdated or poorly secured interfaces were exploited. A 2024 API leak, for example, allowed attackers to harvest user details through automated scripts. The leaked dataset, which first appeared on dark web markets around January 9, 2026, includes biographical details and regional targeting, particularly in Germany. Cybersecurity experts warn of increased risks of identity theft, phishing attacks, and impersonation schemes, especially for businesses and influencers reliant on the platform. User reports on X (formerly Twitter) describe unsolicited password reset requests, while posts from cybersecurity accounts confirm the sale of the data in underground markets. The breach has reignited criticism of Meta’s security practices, with comparisons drawn to past incidents, including a 2017 API bug that exposed verified accounts and a 2018 flaw that leaked passwords in plaintext. Regulatory scrutiny is expected, particularly under frameworks like the GDPR, as the incident underscores broader industry challenges in safeguarding user data. While Meta has encouraged users to enable two-factor authentication and report suspicious activity, experts emphasize the need for stronger encryption, regular audits, and transparent reporting to prevent future breaches. The fallout highlights the ongoing tension between connectivity and security in social media, with users and regulators alike demanding greater accountability from platforms. As investigations continue, the full impact of the leak remains under assessment.

Massive Infostealer Database Exposes 184 Million Credentials in Latest Cybersecurity Threat Cybersecurity researcher Jeremiah Fowler recently uncovered an unsecured database containing over 184 million unique login credentials, underscoring the escalating danger posed by infostealer malware. The exposed data—including emails, passwords, and authorization URLs—spanned a wide range of services, from Microsoft, Facebook, and Instagram to financial institutions, healthcare portals, and government accounts. Unlike traditional data breaches, this trove was likely compiled by infostealers, a type of malware designed to silently extract credentials from infected devices. These malicious programs harvest data from browsers, email clients, messaging apps, and even cryptocurrency wallets, often spreading via phishing emails, malicious websites, or cracked software. The database’s removal from public access does not mitigate the broader threat, as infostealers continue to operate at scale. The sheer volume of exposed credentials suggests millions of individuals may be affected, though the number of unique victims is likely lower due to multiple accounts per user. Modern infostealers go beyond simple password theft, capturing autofill data, cookies, screenshots, and keystrokes, enabling attackers to bypass security measures and launch credential stuffing attacks, account takeovers, identity theft, and targeted phishing campaigns. This incident highlights the pervasive nature of infostealer infections, which allow cybercriminals to build detailed profiles of victims’ digital lives. While the exposed database has been secured, the underlying threat remains, with malware like Lumma Stealer (recently disrupted by authorities) representing just one of many sophisticated variants in circulation.

Mass Instagram Password Reset Emails Spark Data Breach Concerns On January 8, 2025, Instagram users worldwide began receiving unsolicited password reset emails from the platform’s official domain ([email protected]). The messages, which appeared legitimate—complete with proper formatting and verification marks—triggered widespread confusion, as no users had initiated the resets. Reports flooded social media platforms, including Reddit and X, with users questioning whether the emails were part of a targeted attack, a technical error, or evidence of a larger breach. Some users found the reset notifications missing from their Instagram security logs, while others received identical emails after manually changing their passwords—a sign the domain was authentic. Speculation ranged from a phishing campaign to a misconfigured system trigger, with one Reddit user in email marketing suggesting a possible "legacy system" error. The incident gained further urgency after Malwarebytes revealed on January 9 that hackers had stolen data from 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, and email addresses. The stolen data, now circulating on the dark web, could enable cybercriminals to impersonate brands or launch credential-stuffing attacks. The timing of the password reset emails aligns with the breach, raising concerns that the two events may be connected. Meta, Instagram’s parent company, has yet to issue a public statement. The global scale of the reset emails—affecting users across multiple time zones—suggests a systemic issue rather than isolated incidents. As of now, the cause remains unconfirmed, though the overlap with the reported breach has intensified scrutiny.

Instagram faces an explosion of AI-generated influencer accounts using deepfake technology to steal videos from real models and monetize them. This trend undermines the platform's credibility and the income of authentic creators. Real models' views have plummeted, directly impacting their livelihoods. Instagram's lack of action against this widespread issue has industrialized AI exploitation, signaling a concerning shift towards AI dominance in social media content.

Massive Instagram Data Breach Exposes 17.5 Million Users’ Personal Information A significant data breach has exposed the personal details of approximately 17.5 million Instagram users, with the compromised dataset now circulating on dark web forums. The leak, first identified by cybersecurity researchers at Malwarebytes, was posted by a threat actor under the alias “Solonik” earlier this week. The listing, titled “INSTAGRAM.COM 17M GLOBAL USERS 2024 API LEAK,” claims the data was harvested in late 2024 through an API vulnerability, allowing automated scraping of user profiles worldwide. The breach is particularly severe due to the depth of exposed information, which includes full names, usernames, verified email addresses, phone numbers, user IDs, and partial location data. Unlike previous leaks limited to usernames, this dataset enables cybercriminals to construct detailed profiles for targeted attacks. Screenshots of the data confirm its authenticity, showing structured records that facilitate identity theft and phishing campaigns. The incident has already led to active exploitation, with affected users reporting a surge in unsolicited password reset notifications. While passwords were not included in the leak, the combination of emails and phone numbers enables SIM-swapping attacks and sophisticated social engineering. Attackers can impersonate Instagram support or use exposed details to manipulate victims into revealing two-factor authentication (2FA) codes or login credentials. The breach is classified as a scraping incident exploiting public API endpoints rather than a direct server intrusion. However, the scale suggests a failure in rate-limiting or privacy controls, allowing threat actors to extract millions of records undetected. As of January 10, 2026, Meta has not issued a public statement addressing the 17.5 million-record dump. The incident underscores the risks of API-based data exposure and the need for enhanced security measures to prevent automated harvesting of user information.

Instagram Data Leak Claims Reignite Concerns Over Old Breach and New Security Incident A recent claim by a hacker known as Solonik sparked fresh alarm over a purported 2024 Instagram data leak affecting 17 million users. The hacker posted the alleged dataset on a clear web hacking forum on 7 January, asserting it contained sensitive information including usernames, physical addresses, phone numbers, and email addresses. Cybersecurity firm Malwarebytes amplified the claim on X (formerly Twitter), suggesting the breach was both new and severe. However, investigations revealed the dataset was not new. A separate forum member had shared an identical dataset in 2023, describing it as a scrape of Instagram’s data though its origin remained unclear. The sample data provided by Solonik matched records from nearly three years prior, indicating the hacker had merely repackaged old information, a common tactic among cybercriminals. The situation grew more complex when Instagram users reported receiving unsolicited password reset emails, leading some observers to speculate a link between the two incidents. Meta, Instagram’s parent company, swiftly denied a breach but acknowledged a separate security issue. A spokesperson stated that the company had “fixed an issue that allowed an external party to request password reset emails for some users”, emphasizing that “no breach of [Meta’s] systems occurred” and that accounts remained secure. Users were advised to disregard the emails. While the 17-million-record dataset was confirmed to be old dating back to January 2021 and later added to Have I Been Pwned’s (HIBP) database its contents still pose risks. The data includes usernames, display names, account IDs, and in some cases, geolocation, email addresses (6.2 million records), and phone numbers, all of which could be exploited for phishing or social engineering attacks. The incident highlights the persistent threat of repackaged breach data and the challenges in verifying hacker claims, even as Meta works to contain unrelated security vulnerabilities.