Instagram has begun notifying users who may have been affected by a recent security incident that reportedly allowed hackers to gain access to accounts through Meta’s AI-powered support system. The issue attracted widespread attention after several users claimed that attackers exploited Meta AI to take conctrol of Instagram profiles, including accounts with valuable usernames and large followings.
Although Meta says the vulnerability has now been fixed, the company is continuing to secure affected accounts and warn users who may have been impacted.
Also read: iOS 27 Leak Suggests Major Siri Overhaul With Dedicated App, AI Search and Smarter Photo Editing
How the Meta AI Exploit Worked
According to reports, the attackers took advantage of a flaw within Meta’s AI-powered support tools. The vulnerability allegedly allowed hackers to convince the chatbot that they were the legitimate owners of targeted Instagram accounts.
In some cases, attackers reportedly asked the AI assistant to link an Instagram account to an email address they controlled. Once the email address was changed, they could initiate a password reset process and potentially gain full access to the account.
The attack did not require advanced hacking techniques. Instead, it relied on manipulating the AI system through simple conversations, raising concerns about how AI-powered support tools verify account ownership.
Multiple Instagram Accounts Reportedly Targeted
The account takeover campaign appears to have affected a wide range of users. Reports suggest that accounts with short usernames, high visibility, or desirable handles were among the primary targets.
Several social media users claimed that their accounts were compromised despite having security measures enabled. The incident also sparked broader concerns about the growing role of artificial intelligence in account management and customer support systems.
Meta Says the Vulnerability Has Been Fixed
Earlier, Meta confirmed that it had identified and patched the security flaw responsible for the attacks.
However, some users continued reporting suspicious account activity even after the company announced the fix. As a result, Meta has continued monitoring the situation and taking additional steps to protect users.
The company has not publicly disclosed how many Instagram accounts were affected during the incident.
Instagram Begins Sending Security Alerts
As part of its response, Instagram has started sending warning emails to users whose accounts may have been involved in the security incident.
The notifications reportedly inform users that suspicious activity was detected and that additional security measures have been applied to their accounts.
Affected users may experience:
- Password reset requests
- Security verification prompts
- Additional login checks
- Requests to confirm account ownership
Instagram is encouraging impacted users to update their passwords and review their account security settings immediately.
What Users Should Do to Protect Their Accounts
Even if users have not received a warning email, security experts recommend taking proactive measures to strengthen account protection.
Change Your Password
Users should create a strong and unique password that is not shared with other online services.
Enable Two-Factor Authentication
Two-factor authentication (2FA) adds an extra layer of security by requiring a verification code during login attempts.
Check Login Activity
Instagram allows users to review active sessions and connected devices. Any unfamiliar activity should be removed immediately.
Review Linked Email Addresses
Users should confirm that their account is connected to the correct email address and phone number.
Watch for Suspicious Emails
Attackers sometimes send fake password reset messages. Always verify that emails come from official Instagram or Meta domains before clicking any links.
Growing Concerns Around AI-Powered Support Systems
The incident highlights one of the challenges facing companies that increasingly rely on AI for customer support and account management.
While AI systems can improve efficiency and reduce response times, they must also be designed with strong verification safeguards. Security experts warn that AI assistants should never make account-related changes without rigorous identity verification procedures.
As more technology companies integrate AI into user support systems, similar security concerns may continue to emerge.
Also read: Apple May Bring AI-Powered Theft Detection Lock to iPhone, Similar to Android Security Feature
Final Thoughts
The recent Instagram account takeover incident serves as a reminder that even advanced AI systems can introduce unexpected security risks. While Meta says the vulnerability has been fixed, the event has raised important questions about how artificial intelligence should handle sensitive account management tasks.
Users should take the opportunity to review their account security settings, enable two-factor authentication, and remain alert for suspicious activity. As AI becomes more deeply integrated into online platforms, maintaining strong security practices will remain just as important as ever.