Instagram users are being notified after a hacking campaign targeted accounts using Meta’s AI chatbot system. The issue involves attackers manipulating the chatbot into helping them gain control of user profiles, and reports suggest the activity continued even after Meta stated the vulnerability had been fixed.
The incidents first surfaced over the weekend when hackers claimed they were able to use Meta’s AI support chatbot to take over Instagram accounts. Soon after, a wave of users reported being locked out of their profiles, with several saying the affected accounts included short, rare usernames that are often highly valuable in online resale markets.
Some of the compromised accounts appeared to include inactive or notable profiles, including accounts linked to public figures and organizations. Reports mentioned that even dormant or high-profile usernames were being targeted, raising concerns about how widely the exploit may have been used.
The method described by attackers did not rely on traditional hacking tools or breaking into Meta’s internal systems. Instead, it involved simply telling the AI chatbot that the attacker was the legitimate account owner and requesting actions such as linking the account to a new email address. Once that change was made, hackers were able to reset passwords and fully take over the accounts in some cases.
Because the process relied on chatbot responses rather than human intervention, Meta employees were not directly involved in approving the changes. This raised questions about how easily automated systems can be manipulated when identity verification is weak or overly simplified.
Meta spokesperson Andy Stone said the issue had been addressed and that the company had already secured affected accounts. However, despite that statement, some users continued reporting fresh cases of account takeovers shortly afterward, suggesting the problem may not have been fully contained.
The company has since begun sending direct notifications to affected users. These alerts warn of suspicious activity and inform users that their accounts may have been compromised, instructing them to reset their passwords and take additional security steps.
In follow-up statements, Meta confirmed that it had started proactively locking and recovering affected accounts while sending password reset requests. However, the company has not disclosed how many users were impacted, leaving the full scale of the attack unclear.
Some users have also shared receiving emails from Instagram stating that unusual activity had been detected and that protective actions were taken automatically. These messages confirm that Meta is actively working through affected accounts, but the situation has highlighted growing concerns about how AI-driven tools can be exploited for account takeovers.
