Instagram has warned users of possible account breaches following reports that hackers exploited Meta’s AI chatbot to gain unauthorized access.
Instagram has issued urgent warnings to users after a wave of suspected hacking incidents linked to vulnerabilities in Meta’s AI-powered support chatbot. The company has begun notifying users via email about potential security breaches, urging them to take immediate action to secure their accounts.
The alerts come after multiple users reported unauthorized access to their Instagram profiles, raising concerns about the safety of AI-driven account recovery systems.
In its communication to users, Instagram stated that it had identified unusual activity suggesting that certain accounts may have been compromised. The company reassured users that precautionary measures had already been taken to secure affected accounts.
Users receiving the alert are being asked to reset their passwords immediately. The email also directs them to Instagram’s Help Centre, where additional security guidelines and recovery steps are provided.
Meta spokesperson Adam Stone confirmed the development in a public statement, noting that while the company has secured impacted accounts, efforts are ongoing to restore access for affected users.
Reports of the hacking incidents began surfacing toward the end of May 2026. Between May 30 and May 31, several users took to social media platforms such as Reddit and X (formerly Twitter) to report that their Instagram accounts had been compromised.
On June 1, Meta stated that the issue had been resolved. However, new reports emerged the following day, indicating that the problem might not have been fully contained. Additional users claimed that their accounts had also been targeted, suggesting a broader and more persistent attack campaign.
According to various reports, the attackers exploited Meta’s AI chatbot, which is designed to assist users with account recovery and support queries. Hackers allegedly manipulated the chatbot by posing as legitimate account owners.
By providing fabricated details, they convinced the chatbot to change account recovery information, such as the registered email address. In some cases, the chatbot reportedly failed to perform adequate identity verification before processing these requests.
Once the attacker’s email was linked to the account, they could easily initiate a password reset and gain full control. This method allowed hackers to bypass traditional security checks and lock out the original account owners.
In several reported cases, victims found themselves completely locked out of their accounts after hackers altered login credentials. This included changing email addresses, passwords, and other recovery details, making it difficult for legitimate users to regain access.
The situation has caused distress among users, particularly those with high-profile accounts or businesses that rely heavily on Instagram for engagement and revenue.
Meta has stated that it has already taken steps to secure affected accounts and prevent further misuse of the AI chatbot. The company is also working to restore access for users who were locked out during the attacks.
While Meta has not disclosed the exact technical fixes implemented, the company emphasised its commitment to improving security measures and addressing any vulnerabilities in its systems.
The incident has also prompted Meta to reassess how its AI tools handle sensitive account-related requests.
The hacking campaign has sparked broader concerns about the security of AI-powered systems, particularly those involved in authentication and account recovery processes.
Experts warn that AI chatbots, if not properly supervised, can be manipulated through social engineering tactics. Without strict verification protocols, such systems may inadvertently grant access to malicious actors.
This incident highlights the importance of implementing robust safeguards when deploying AI in critical user-facing functions.
In light of these developments, users are being strongly advised to enable Two-Factor Authentication (2FA) on their accounts. This additional security layer requires users to verify their identity using a secondary method, such as a one-time code sent to their phone or email.
Enabling 2FA significantly reduces the risk of unauthorized access, even if login credentials are compromised.
Users are also encouraged to use strong, unique passwords and remain cautious of suspicious emails or messages claiming to be from Instagram.
To enhance account security, users should follow these best practices:
These steps can help minimise the risk of hacking and ensure better protection against evolving cyber threats.
Conclusion
The recent hacking incidents linked to Meta’s AI chatbot serve as a reminder of the challenges associated with integrating artificial intelligence into sensitive systems. While AI offers convenience and efficiency, it also introduces new vulnerabilities that must be carefully managed.
Instagram’s swift response and user alerts indicate that the company is taking the issue seriously. However, the incident underscores the need for continuous improvements in AI security and user awareness.
As cyber threats become more sophisticated, both technology companies and users must remain vigilant to safeguard digital identities and online assets.