Meta said it is working to secure affected accounts and notify potentially impacted Instagram users.
Some users were reportedly locked out of their profiles during the attack
Photo Credit: Pexels/ Solen Feyissa
Instagram is now alerting users whose accounts were part of the recent wave of account takeover by hackers. The issue, linked to Meta AI, surfaced last week when several users reported that attackers were exploiting the AI chatbot to access Instagram accounts. The Menlo Park-based tech giant said that the vulnerability has since been patched; however, reports of compromised accounts surfaced even after the fix was announced. Meta is working to secure affected accounts and notify potentially impacted users.
The attacks exploited a flaw in Meta's AI-powered support system. This reportedly allowed hackers to take control of Instagram accounts through simple chatbot interactions. They allegedly told the AI chatbot that they owned a target account and requested that it be linked to an email address under their control. The chatbot reportedly complied with these requests in certain cases, enabling the attackers to reset passwords and gain access to victim accounts.
Once successful, some users were reportedly locked out of their profiles altogether.
The campaign appears to have affected a variety of accounts, including those with desirable short usernames. Reports also suggested that several high-profile accounts were targeted during the incident.
Earlier this week, Meta spokesperson Andy Stone said that the vulnerability had been fixed. However, more users reported account takeovers even after the company announced the patch.
In a subsequent post on X, Stone said some users could receive password reset notifications or be asked security questions when attempting to log in. In a statement given to TechCrunch, the official confirmed that the company had secured affected accounts and begun sending password reset emails to impacted users. However, it did not disclose how many accounts were compromised.
Users also shared screenshots of warning emails received from Instagram, informing them that suspicious activity had been detected on their accounts. The notification informed users that Instagram believed their accounts may have been compromised and that security measures had been applied. Affected users were instructed to reset their passwords.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.