Lizzie Clark

January 14th – This Week’s Top Cybersecurity and Dark Web Stories

This week’s cybersecurity and dark web news stories cover Instagram’s data leak, the ransomware attack on a fuel and energy giant, and the compromise of crypto hardware wallet manufacturer Ledger’s customer data.

17.5 Million Instagram Users’ Data Leaked

A massive data breach has compromised the personal information of approximately 17.5 million Instagram users, with sensitive details now circulating freely on dark web forums. The leak, first brought to light by cybersecurity researchers at Malwarebytes, has been verified through dark web listings, revealing a treasure trove of contact information that leaves millions vulnerable to identity theft and targeted phishing attacks.

The compromised dataset surfaced on a notorious hacking forum earlier this week, posted by a threat actor operating under the alias “Solonik.” The listing, titled “INSTAGRAM.COM 17M GLOBAL USERS – 2024 API LEAK,” claims to contain 17.5 million user records formatted in JSON and TXT files. The data was reportedly harvested in late 2024 through an “API Leak,” a method that allowed the actor to bypass standard security measures and scrape user profiles globally.

This breach is particularly damaging due to the level of personal detail it includes. Unlike simple username dumps, the leaked database contains structured, comprehensive user profiles:

  • Full Names and Usernames
  • Verified Email Addresses
  • Phone Numbers
  • User IDs
  • Country and Partial Location Data

The data release has already transitioned from a theoretical risk to an active threat. In the wake of the leak, numerous Instagram users have reported a surge in unsolicited password reset notifications.

While there is no evidence that the leak includes passwords, the combination of emails and phone numbers is sufficient for launching “SIM swapping” attacks and sophisticated social engineering schemes. Scammers are now able to pose as Instagram support or use the exposed personal details to establish trust, tricking victims into handing over two-factor authentication (2FA) codes or login credentials.

The incident has been classified as “scraping,” the automated harvesting of data via public interfaces, rather than a direct intrusion into Instagram’s core servers. However, the sheer scale of the “API Leak” points to a significant failure in rate-limiting or privacy safeguards, which allowed threat actors to query millions of accounts without immediate detection.

Anubis Ransomware Gang Hacks Fuel and Energy Giant

The multinational energy company Copec has publicly confirmed that it detected a cybersecurity incident involving unauthorized access to one of its internal information storage systems. The company, however, insists that the situation has been contained and that neither its core operations nor its customers’ data were affected.

In a statement, the firm acknowledged detecting a “security incident associated with unauthorized access to an internal information storage system” a few weeks ago. Copec was quick to clarify the extent of the damage, asserting that the systems managing “customers’ personal data, passwords or information that allows the operation of digital platforms were not compromised.” As a result, the company states that all its systems and services continue to function normally.

The corporate assurances stand in contrast to claims made by the international hacker group known as Anubis. On Friday, the group alleged that it had successfully stolen a significant volume of data, nearly six terabytes, from Copec.

While Copec’s official statement focused on the containment and protection of customer information, it does not explicitly address the six terabytes allegedly stolen by Anubis.

Copec detailed the swiftness of its response, stating that it “immediately activated their security protocols,” blocked the compromised access point, and reinforced its protection measures to prevent recurrence.

The company concluded its statement by confirming that “The operation of Copec and its subsidiaries was not affected,” and noted that it has notified the competent authorities and is maintaining constant monitoring of its systems.

Ledger Customer Data Stolen in Third-Party Cyberattack

Major hardware cryptocurrency wallet firm Ledger has confirmed that a portion of its customers’ data was compromised following a cyberattack on its third-party payment processor, Global-e, as first reported by CoinDesk.

The security incident saw threat actors infiltrate Global-e’s information systems, successfully obtaining data belonging to Ledger.com buyers who had used Global-e as their Merchant of Record.

Ledger was quick to reassure users that the breach was contained within the third-party system and did not affect its core infrastructure. The company explicitly stated that the incident did not impact its platform, hardware, or software systems. Crucially, Ledger emphasized that the payment processing company does not have access to customers’ digital asset secrets, meaning the security of the cryptocurrency wallets themselves remains intact.

While the full extent of the breach is still under investigation, Global-e has confirmed that customer information exposed as a result of the cloud system compromise included:

  • Customer names
  • Contact details

A Pattern of Third-Party Vulnerability

This incident marks the latest in a series of security setbacks for Ledger, highlighting the risks inherent in relying on external vendors. The company previously experienced a major data leak in 2020 involving Shopify, which exposed the data of 270,000 clients. More recently, Ledger was hit by a crypto heist in 2023, resulting in a loss of nearly $500,000.