Instagram has fixed a security issue that allowed attackers to take over user accounts. The problem was linked to Meta’s AI-powered support chatbot used in account recovery.
The issue gained public attention over the weekend. Several users on Reddit and X reported sudden account takeovers. Some well-known accounts were also affected.
These included the former White House Instagram account. It has been inactive since 2017. The account of US Space Force Chief Master Sergeant John Bentivegna was also impacted.
Reports suggest the attack exploited Instagram’s AI support process. The chatbot was used during account recovery requests. It helped attackers bypass normal security steps.
The attackers were able to add new email addresses to victim accounts. They then reset passwords without access to original email accounts. This raised serious security concerns.
The chatbot appeared to accept users as account owners too easily. It did not require strong enough identity verification. This weakness made the system vulnerable to abuse.
Security researcher Jane Wong confirmed her account was also compromised. She said her Instagram password was changed without approval. She also noticed repeated password reset attempts before the issue became public.
Some reports also mentioned other affected accounts. These included accounts linked to major brands such as Sephora. However, the full list of affected users has not been confirmed.
Instagram spokesperson Andy Stone confirmed the issue was resolved. He responded to affected users on Monday. He stated that the security flaw has now been fixed.
Meta has not revealed how many Instagram accounts were affected. The company has also not shared full technical details of the incident.
The situation has raised concerns about AI-based support systems. Experts warn that automated tools can create new security risks. This is especially true when they handle sensitive account actions.
On Instagram, actions like email changes and password resets are highly sensitive. Security researchers say these actions require stronger identity checks.
The incident highlights risks linked to AI-powered customer support. If verification systems are weak, attackers can exploit them easily.
In other related news also read PakWheels Instagram Account Disappears, Users Question Platform Status
Meta has now secured the issue in Instagram systems. However, the case shows the need for stronger safeguards. It also highlights the importance of safer AI integration in user account recovery tools.
