Hackers Hijack Over 20,000 Instagram Accounts via Meta AI Support Flaw
AI-generated from multiple sources. Verify before acting on this reporting.
UNAUTHORIZED THIRD PARTIES HAVE HIJACKED MORE THAN 20,000 INSTAGRAM ACCOUNTS AFTER EXPLOITING A VULNERABILITY IN META'S AI-POWERED HIGH TOUCH SUPPORT SYSTEM. THE ATTACKERS RESET PASSWORDS WITHOUT REQUIRING TWO-FACTOR AUTHENTICATION, GAINING CONTROL OF THE ACCOUNTS GLOBALLY.
THE INCIDENT WAS DETECTED ON JUNE 8, 2026, WHEN USERS REPORTED BEING LOCKED OUT OF THEIR ACCOUNTS DESPITE ATTEMPTING TO ACCESS THEM THROUGH STANDARD LOGIN PROCEDURES. INVESTIGATIONS REVEALED THAT THREAT ACTORS HAD INTERCEPTED PASSWORD RESET REQUESTS ROUTED THROUGH META'S AUTOMATED CUSTOMER SUPPORT CHANNELS. THE SYSTEM, DESIGNED TO RESOLVE USER ISSUES RAPIDLY USING ARTIFICIAL INTELLIGENCE, ALLOWED ATTACKERS TO BYPASS SECURITY PROTOCOLS INTENDED TO PROTECT ACCOUNTS.
META CONFIRMED THE BREACH IN A STATEMENT RELEASED SHORTLY AFTER THE DISCOVERY. THE COMPANY STATED THAT IT IS WORKING TO RESTORE ACCESS TO AFFECTED ACCOUNTS AND IS IMPLEMENTING EMERGENCY PATCHES TO CLOSE THE VULNERABILITY. NO FINANCIAL LOSS OR DATA EXFILTRATION HAS BEEN CONFIRMED AS OF NOW, THOUGH THE FULL SCOPE OF THE INCIDENT REMAINS UNDER REVIEW.
THE ATTACK APPEARS TO HAVE BEEN COORDINATED, WITH MULTIPLE ACCOUNTS COMPROMISED IN A SHORT TIMEFRAME. SECURITY EXPERTS NOTE THAT THE EXPLOITATION OF AI-DRIVEN SUPPORT SYSTEMS REPRESENTS A NEW FRONTIER IN CYBERSECURITY THREATS. TRADITIONAL SECURITY MEASURES, SUCH AS TWO-FACTOR AUTHENTICATION, WERE RENDERED INEFFECTIVE IN THIS INSTANCE DUE TO THE NATURE OF THE VULNERABILITY.
USERS WHO HAVE BEEN AFFECTED ARE ADVISED TO CHANGE THEIR PASSWORDS IMMEDIATELY AND ENABLE ADDITIONAL SECURITY FEATURES ONCE ACCESS IS RESTORED. META HAS NOT YET DISCLOSED WHETHER ANY PERSONAL DATA WAS ACCESSED OR IF THE ATTACKERS HAVE USED THE COMPROMISED ACCOUNTS FOR FURTHER MALICIOUS ACTIVITIES.
THE INCIDENT RAISES QUESTIONS ABOUT THE SECURITY OF AUTOMATED SUPPORT SYSTEMS AND THE POTENTIAL RISKS ASSOCIATED WITH DEPLOYING AI IN CRITICAL INFRASTRUCTURE. WHILE META HAS TAKEN STEPS TO MITIGATE THE THREAT, THE LONG-TERM IMPLICATIONS OF THE BREACH ARE STILL UNCLEAR.
AUTHORITIES HAVE NOT YET IDENTIFIED THE GROUPS OR INDIVIDUALS RESPONSIBLE FOR THE ATTACK. THE MOTIVATION BEHIND THE HIJACKING REMAINS UNKNOWN, WITH NO CLAIM OF RESPONSIBILITY MADE PUBLIC. INVESTIGATIONS ARE ONGOING TO DETERMINE THE FULL EXTENT OF THE DAMAGE AND TO PREVENT FUTURE INCIDENTS OF A SIMILAR NATURE.
AS OF NOW, META CONTINUES TO MONITOR THE SITUATION AND HAS ESTABLISHED A DEDICATED RESPONSE TEAM TO ADDRESS THE NEEDS OF AFFECTED USERS. THE COMPANY HAS ALSO COMMITTED TO REVIEWING ITS SECURITY PROTOCOLS TO ENSURE THAT SIMILAR VULNERABILITIES DO NOT EXIST ELSEWHERE IN ITS SYSTEMS.