In early June, Meta disclosed that over 20,000 Instagram users had their accounts compromised. Attackers leveraged an AI‑driven support tool to reset passwords and gain unauthorized access. The breach affected accounts worldwide and was detected by Meta’s security team after unusual activity surfaced.
The intrusion stemmed from a flaw in Meta’s automated help desk, which uses artificial intelligence to verify identity and issue password resets. Threat actors submitted crafted requests that the system mistakenly approved, allowing them to change login credentials. Meta confirmed the vulnerability was patched within days, but the damage had already been done. The company is now urging affected users to secure their accounts and is reviewing its AI safeguards.
The compromised system relied on natural‑language processing to interpret user queries. Hackers submitted messages that mimicked legitimate support tickets, prompting the AI to generate reset links. Because the AI lacked robust cross‑checking, it granted the attackers the same privileges as a genuine user. Once the password was changed, the perpetrators could post, view private content, and even link other services to the hijacked accounts. Meta’s internal review indicated that the attackers targeted high‑profile and business profiles, hoping to profit from the stolen data or sell access on underground markets.
For everyday users, the incident highlights the risks of relying on automated support without human oversight. While Meta has restored most compromised accounts, some victims may still face lingering issues, such as unauthorized posts or linked applications. Security experts advise users to enable two‑factor authentication, review connected apps, and monitor login activity regularly. The breach also raises questions about the broader use of AI in customer service, prompting calls for stricter verification protocols before sensitive actions are approved.
The fallout from the hack could reshape Meta’s approach to AI‑driven tools. Industry observers expect tighter safeguards, including multi‑factor checks and manual reviews for password changes. As the company rolls out its fixes, users will watch closely to see whether confidence in Instagram’s security can be restored.
How many Instagram accounts were affected? Meta reports that more than 20,000 accounts were accessed without authorization during the incident.
Can I still be targeted by the same exploit? The specific vulnerability has been patched, but attackers may try similar tactics elsewhere. Enabling two‑factor authentication reduces risk.
What steps should I take if my account was compromised? Reset your password immediately, enable two‑factor authentication, review linked apps, and contact Instagram support if you notice suspicious activity.