>Source posted on 9-jan: https://news.ycombinator.com/item?id=46571968

Yeah the source is terrible. I'd expect at least some sort of explanation on how they arrived at that conclusion, eg. "someone on breachforums claims to have it for sale" or "some whistleblower at instagram reported". If it's the former, it's possible that instagram themselves aren't at fault, eg. they got it via phishing or credential stuffing.