Data Theft of Millions of Instagram Users

SadaNews - The cybersecurity company "Malwarebytes" revealed a leak of data affecting nearly 17 million users on the social media platform Instagram, in a breach that could expose affected individuals to phishing emails aimed at compromising their accounts.

The antivirus firm announced that hackers have posted usernames, home addresses, email addresses, phone numbers, and other personal data of social media users on the dark web.

This breach comes at a time when subscribers of the adult site "Pornhub" are receiving warnings about phishing emails threatening to expose their browsing habits, following what the adult site described as a "recent cybersecurity incident".

In December, the management of "Pornhub" stated: "We are aware that those responsible for this incident have threatened to contact affected Pornhub Premium (paid subscriber accounts) users directly," advising account holders to beware of emails from individuals "claiming to have their personal information".

The site confirmed that no passwords, credentials, payment details, or government identities were compromised or exposed. According to the site, the breach affected some of its premium users and was conducted through an external data analysis company called "Mixpanel".

However, according to tech media, the hackers claim to have stolen about 200 million records, or 94 gigabytes of personal viewing and search logs, in addition to email addresses.

The hacking group "Shine Hunters" has claimed responsibility for the breach, stating that they will publish the stolen data if a ransom is not paid.

"Shine Hunters" has previously carried out breaches of dozens of companies, including "Santander", "Ticketmaster", "AT&T", and "Qantas Airways".

Weeks before revealing their latest breach, "Shine Hunters" targeted the "Salesforce" platform, a widely used American software platform for customer service and sales, prompting the Google web security team to pay attention to the group.

"Malwarebytes" also reported in January that hackers discovered a way to create fake emails from Google that bypass spam filters to steal login data for the Microsoft 365 platform.

The company explained that scammers send fake messages that are "extremely convincing" and not only pass through "several trusted Google services" but also redirect the unwitting recipient to a "fake Microsoft 365 login page designed to steal usernames and passwords".