Instagram has started notifying users whose accounts may have been compromised in a recent security incident linked to Meta’s AI-powered support tools.
The development follows reports that hackers exploited a vulnerability in Meta AI to gain unauthorised access to Instagram accounts, in some cases locking users out of their profiles entirely.
Meta has since confirmed that the flaw has been fixed and says it is working to secure affected accounts while alerting impacted users.
How the exploit reportedly worker
According to reports, attackers took advantage of a weakness in Meta’s AI-driven support system.
The flaw allegedly allowed hackers to convince the chatbot that they were the legitimate owners of targeted Instagram accounts. By requesting that an account be linked to an email address under their control, attackers could reportedly trigger password reset processes and gain access to user profiles.
Once access was obtained, some victims found themselves locked out of their own accounts.
The incident reportedly affected a range of profiles, including accounts with highly sought-after usernames and several high-profile users.
Meta says the vulnerability has been patched
Meta spokesperson Andy Stone said earlier this week that the company had fixed the security issue after becoming aware of the exploit.
However, reports of additional account takeovers surfaced even after the patch was announced, prompting concerns among users
Also Read | A home on the Moon? NASA's new plan shows how it could happen
In a subsequent update, Stone said some affected users might receive password reset prompts or be asked additional security questions when attempting to access their accounts.
Meta has not disclosed the total number of accounts affected by the incident.
Instagram begins notifying users
The company has now begun contacting potentially impacted users directly.
According to reports, Instagram has sent warning emails informing users that suspicious activity was detected on their accounts and that security measures had been applied as a precaution.
Affected users are being instructed to reset their passwords and review their account security settings.
Meta also confirmed that password reset emails are being sent to users whose accounts may have been compromised during the attack.
Growing concerns around AI-powered systems
The incident has reignited debate about the security risks associated with increasingly automated support and verification systems.
Also Read | Wolverine claws his way onto PS5 as Marvel reveals brutal new gameplay
As technology companies expand the use of artificial intelligence for customer service and account management, cybersecurity experts have repeatedly warned that weaknesses in automated decision-making systems could create new opportunities for exploitation.
For Meta, the episode highlights the challenge of balancing convenience with security as AI tools become more deeply integrated into its platforms.
While the company says the vulnerability has been addressed, the incident serves as a reminder that even sophisticated AI-powered systems can become targets for cybercriminals seeking new ways to bypass traditional security measures.
