More than 20,000 Instagram accounts were reportedly taken over after hackers found a way to misuse Meta’s AI-powered support system. According to reports, the attackers exploited a flaw in an account recovery tool that was designed to help users regain access to their accounts. Meta has confirmed that around 20,000 accounts may have been affected by the incident and said it has now fixed the issue.

The attack did not involve breaking into Meta’s internal systems. Instead, hackers reportedly manipulated the AI-assisted support process to gain control of Instagram accounts. The flaw allowed attackers to bypass normal account recovery protections and reset passwords for targeted accounts under certain conditions. This made it possible for them to take over user profiles without using traditional hacking techniques.

Security researchers first noticed the problem after several high-profile Instagram accounts were suddenly compromised. Among the reported victims were well-known brands, government-related accounts, and other popular profiles. The incident quickly raised concerns about the security risks of allowing AI systems to handle sensitive account recovery functions without stronger verification checks.

According to investigations, attackers were able to convince the AI support system to make changes to account recovery information. Once they gained access to that process, they could request password resets and lock legitimate users out of their own accounts. Experts said the attack relied more on exploiting weaknesses in the support workflow than on technical hacking skills.

The incident has renewed concerns about the growing use of artificial intelligence in customer support and security operations. Cybersecurity specialists warned that AI systems can sometimes follow instructions too literally if proper safeguards are not built in. They stressed that sensitive actions such as identity verification and password recovery should always include additional security controls.

Reports indicate that many of the targeted accounts did not have multi-factor authentication enabled. Security experts say that accounts protected by extra authentication measures are generally much harder for attackers to take over. The event has once again highlighted the importance of enabling additional security layers on social media accounts.

Meta said it moved quickly to patch the vulnerability after becoming aware of the abuse. The company stated that it is securing affected accounts and taking steps to prevent similar incidents in the future. While the flaw has reportedly been fixed, the company continues to review the impact of the attack and assist users who were affected.

The case serves as a reminder that even advanced AI systems can introduce new security risks if they are given access to sensitive account functions. As companies increasingly rely on automation and artificial intelligence, cybersecurity experts say strong human oversight and security checks remain essential to protect users from account takeover attacks.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news