Meta confirms 1000s of Instagram accounts were hacked by abusing its AI chatbot
this.weekinsecurity.com
June 6, 2026
3 min read
🔥🔥🔥🔥🔥
64/100
Summary
Meta has confirmed that thousands of Instagram accounts were hacked by exploiting its AI chatbot. The company is notifying affected users about the hijacking incidents that occurred over several months.
Key Takeaways
- Meta confirmed that over 20,225 Instagram accounts were hacked by exploiting a vulnerability in its AI-assisted account recovery system.
- Hackers were able to reset passwords by tricking the AI chatbot into sending verification codes to their own email addresses instead of the account holders'.
- Meta has disabled the AI chatbot involved in the breaches and is reviewing other chatbots to prevent similar incidents.
- The hacking campaign began around April 17 and continued until recently, with Meta notifying affected users to reset their passwords and secure their accounts.
Community Sentiment
Positives
- The AI chatbot functioned correctly in its intended operations, demonstrating the potential of AI tools to automate processes, even if the implementation had flaws.
- The incident highlights the importance of robust verification systems in AI applications, which can lead to improved security measures in future developments.
Concerns
- The failure to verify email addresses during password resets reveals significant shortcomings in AI safety and accountability, raising concerns about user data protection.
- The lack of a human appeal process for account issues indicates a troubling reliance on automated systems, which can lead to user frustration and loss of trust.
- The incident underscores the risks of deploying AI tools without thorough testing, as critical vulnerabilities can be exploited, compromising user security.
