Svoboda Cybersecurity Brief January 12, 2026
Instagram denies breach despite 17M account data leak
Instagram (Meta) denies a breach but confirms fixing a bug that allowed mass password reset requests, while a dataset of 17M profiles (usernames, emails, phone numbers, addresses) surfaced online. Researchers suspect the data is compiled from past scraping incidents (e.g., 2017 API exploit), but Meta states no recent API breaches occurred.
Impact: Targeted phishing, smishing, and social engineering risks due to exposed PII.
Mitigation: Enable 2FA, ignore unsolicited password reset emails, and monitor for suspicious activity.
Source: BleepingComputer
API scraping incidents remain a recurring threat
The Instagram leak highlights persistent risks of API scraping, with past incidents (2017) similarly exposing millions of accounts. Meta disputes claims of 2022/2024 breaches but acknowledges historical vulnerabilities. Datasets often merge older leaks, complicating attribution.
Source: BleepingComputer
Share this brief: https://svo.bz/KpIt
If you want to support us, you can donate here: Donate