Meta admitted that more than 20 thousand Instagram accounts were hacked by taking advantage of a flaw in its AI-based account recovery system. The attackers exploited a technical weakness to obtain users’ password reset links and took over multiple accounts. Reports have claimed that photos, email addresses, direct messages, account activity records, date of birth and other personal information may be affected in this cyber attack. This incident has created new concerns regarding social media security. Meta is now advising affected users to be cautious and turn on two-factor authentication.
Flaw in AI recovery system became the reason
According to Meta, this entire incident happened due to a weakness in its high touch support tool. This AI based recovery system was created to help users who lose access to their Instagram account. According to the report, the attackers took advantage of the weakness of this system and obtained password reset links. Accounts which did not have two-factor authentication activated were the most affected. Meta said the attackers misused the account recovery process to gain control of the accounts. After this incident, the company has started reviewing the security arrangements.
How did hackers take over the account?
According to reports, a serious flaw existed in the AI support workflow. The system was not verifying whether the email address given during recovery was actually associated with the concerned Instagram account. Taking advantage of this weakness, hackers convinced the support bot to add a new email to the user’s account. He then requested a password reset and regained access to the account as soon as he received the reset code. Videos and screenshots that surfaced online also indicated that the attackers were carrying out the process by interacting directly with the AI support assistant.
Which data was affected and what should users do?
According to Meta’s data breach notification, the first successful attack took place around April 17, 2026. The company has not yet confirmed what data was stolen, but reports claim that photos, email addresses, direct messages, account activity records, dates of birth and other personal information may have been affected. Due to this security flaw, some famous accounts were also affected, which are said to include Sephora, Barack Obama’s White House account and the account of Chief Master Sergeant of the Space Force. Cyber security experts are advising users to keep strong passwords, turn on two-factor authentication and keep an eye on suspicious activities.
Also read: iPhone 18 can get 48MP camera and new Siri AI, big revelations before launch
Leave a Reply