
Meta has confirmed that a flaw in Instagram's AI-powered account recovery tool led to the compromise of roughly twenty thousand user accounts, according to a report by securityonline.info. Exploitation was first detected on 2 June 2026 and continued until 8 June, during which attackers hijacked both ordinary and high-profile profiles, including government and military handles. The company has taken the affected feature offline and is contacting users whose data was exposed.
The vulnerability was a logic error in the High Touch Support AI assistant: it did not verify that the email address supplied during a password reset actually belonged to the account holder. Posing as legitimate owners who had been locked out, the attackers had the assistant re-link an email address they controlled to the target account, then used the resulting reset to take it over. An assistant that exercises Meta's own privilege to rebind recovery data on behalf of an unverified requester is a textbook confused deputy. To obscure their origin the attackers used VPNs, and when the system asked for additional verification they submitted altered images, as noted in SecurityWeek's coverage.
Meta responded by disabling the AI support function and invalidating every password-reset link generated during the exploitation window, according to a second SecurityWeek report. The company says it will add stricter email-validation checks to the tool before any future release and has advised users to enable two-factor authentication as an extra safeguard. Its security teams are also reviewing related automated support channels for similar logic flaws.
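To make the logic error concrete, the following is an added illustrative model written for this article; it is not Meta's code, and the account store, token format and in-memory challenge table are stand-ins for a real identity backend. The vulnerable flow takes the caller's claimed email at face value and re-links it; the hardened flow only ever compares the supplied address against the one on file, delivers resets solely to that existing channel, and gates any change of recovery address behind a code sent to the old address. A token-revocation helper mirrors the mass invalidation of reset links described above.

```python
"""Illustrative model of the recovery-assistant logic flaw and a hardened
version. Constructed example, not Meta's code: account data, token format
and the in-memory stores are stand-ins for a real identity backend."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    recovery_email: str              # the address currently on file
    reset_tokens: set = field(default_factory=set)


def demo_store():
    """Constructed account store: one victim account with a known owner."""
    return {"victim": Account("victim", "owner@example.com")}


def vulnerable_recover(accounts, username, claimed_email):
    """Flawed flow: the caller's story ('I am locked out, this is my email')
    is taken at face value. The supplied address is written over the one on
    file and a reset token is issued to it, so whoever controls
    claimed_email now controls the account. Nothing checks that
    claimed_email matches the address already bound to the account."""
    acct = accounts[username]
    acct.recovery_email = claimed_email
    token = secrets.token_urlsafe(16)
    acct.reset_tokens.add(token)
    return claimed_email, token


def hardened_recover(accounts, username, claimed_email):
    """Hardened flow: the caller-supplied address is only compared against
    the address on file, never written to it, and the reset is delivered
    solely to the recovery channel already bound to the account."""
    acct = accounts.get(username)
    if acct is None:
        return None
    # constant-time compare so response timing does not help guess the
    # real address; unknown user and mismatch give the same answer
    if not hmac.compare_digest(claimed_email.strip().lower().encode(),
                               acct.recovery_email.lower().encode()):
        return None
    token = secrets.token_urlsafe(16)
    acct.reset_tokens.add(token)
    return acct.recovery_email, token


def request_email_change(accounts, pending, username, new_email):
    """Changing the recovery address is a privileged action: a one-time code
    is sent to the OLD address, and the change only takes effect once that
    code is presented. Returns where the challenge is delivered."""
    acct = accounts[username]
    code = f"{secrets.randbelow(10**6):06d}"
    pending[username] = (code, new_email)
    return acct.recovery_email


def confirm_email_change(accounts, pending, username, code):
    """Apply a pending change only if the code from the old channel matches."""
    entry = pending.get(username)
    if entry is None or not hmac.compare_digest(code.encode(), entry[0].encode()):
        return False
    accounts[username].recovery_email = entry[1]
    del pending[username]
    return True


def revoke_all_reset_tokens(accounts):
    """Equivalent of invalidating every reset link issued during an
    exploitation window; returns how many tokens were revoked."""
    count = sum(len(a.reset_tokens) for a in accounts.values())
    for acct in accounts.values():
        acct.reset_tokens.clear()
    return count


if __name__ == "__main__":
    store = demo_store()
    print("vulnerable:", vulnerable_recover(store, "victim", "attacker@example.net"))
    store = demo_store()
    print("hardened:  ", hardened_recover(store, "victim", "attacker@example.net"))
```

The key design difference is that in the hardened version the requester's input is never a write target. Ownership of an account is proven only by control of a channel the account already trusts, which is exactly the check the assistant skipped.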
Meta's internal logs show active abuse between 2 June and 8 June 2026. No threat-actor group has claimed responsibility and no CVE identifier has been assigned to the flaw. The incident shows how trust placed in automated support systems can be abused when verification steps are missing or can be bypassed. Although the number of hijacked accounts is estimated at twenty thousand, Meta's associate general counsel noted that the real figure could be lower.
Defenders should treat any unexpected password-reset request or recovery-email change as a potential indicator of compromise and confirm it with the account owner through a channel other than the one the request arrived on. Requiring fresh re-authentication, or a code delivered to the recovery channel already on file, before any change to account recovery settings closes the gap this attack exploited. Security teams should also audit any AI-driven support interface to ensure it cannot perform privileged actions such as changing a recovery address without the same validation a human agent would be required to perform. Educating users about social-engineering tactics that mimic legitimate support interactions will also reduce successful attempts.
Enabling multi-factor authentication remains one of the most effective protections even when recovery mechanisms fail. Organisations should monitor official advisories from Meta and apply any recommended setting changes as soon as they are published. Watching for anomalous login patterns and rapid changes to recovery email addresses would give the earliest warning of similar abuse.
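The detection advice above can be turned into a concrete rule. The following is an added example written for this article, not Meta's tooling: the log format, event names and sample lines are constructed, and the rule flags an account whose recovery email was changed and which then completed a password reset and logged in from an IP address never previously seen for that user, all within a short window. It deliberately does not fire on a user who changes their email and then logs in from a familiar address, or on a plain password reset with no recovery change.

```python
"""Detection example constructed for this article (not Meta's tooling).
Rule: recovery_email_changed -> password_reset_completed -> login from an
IP never seen for that user, all within `window`. Log format and sample
lines are invented for the example."""
from datetime import datetime, timedelta

# Constructed sample log: alice is hijacked via a support-assistant email
# change; bob changes his email after re-authenticating and logs in from a
# known address; carol merely resets her password.
SAMPLE_LOG = """\
2026-06-03T10:02:11Z user=alice event=login ip=203.0.113.7 src=app
2026-06-03T10:40:05Z user=alice event=recovery_email_changed ip=198.51.100.23 src=support_assistant
2026-06-03T10:41:30Z user=alice event=password_reset_completed ip=198.51.100.23 src=web
2026-06-03T10:42:02Z user=alice event=login ip=198.51.100.23 src=web
2026-06-03T09:15:00Z user=bob event=login ip=192.0.2.5 src=app
2026-06-03T11:00:00Z user=bob event=recovery_email_changed ip=192.0.2.5 src=settings_reauth
2026-06-03T11:01:00Z user=bob event=password_reset_completed ip=192.0.2.5 src=web
2026-06-03T11:02:00Z user=bob event=login ip=192.0.2.5 src=app
2026-06-03T12:00:00Z user=carol event=password_reset_completed ip=203.0.113.9 src=web
2026-06-03T12:01:00Z user=carol event=login ip=203.0.113.9 src=app
"""


def parse_line(line):
    """Parse '<iso-timestamp> key=value ...' into a dict with a datetime ts."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_recovery_hijacks(log_text, window=timedelta(minutes=30)):
    """Return one alert per suspicious recovery-change chain."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_user = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_user.setdefault(ev["user"], []).append(ev)

    alerts = []
    for user, evs in by_user.items():
        known_ips = set()  # IPs that logged in before the chain started
        for i, ev in enumerate(evs):
            if ev["event"] == "login":
                known_ips.add(ev["ip"])
                continue
            if ev["event"] != "recovery_email_changed":
                continue
            deadline = ev["ts"] + window
            reset_done = False
            for later in evs[i + 1:]:
                if later["ts"] > deadline:
                    break
                if later["event"] == "password_reset_completed":
                    reset_done = True
                elif (reset_done and later["event"] == "login"
                      and later["ip"] not in known_ips):
                    alerts.append({
                        "user": user,
                        "changed_at": ev["ts"].isoformat(),
                        "change_source": ev["src"],
                        "login_ip": later["ip"],
                    })
                    break
    return alerts


if __name__ == "__main__":
    for alert in detect_recovery_hijacks(SAMPLE_LOG):
        print(alert)
```

On the sample log only alice is flagged; the `change_source` field is what lets an analyst see at a glance that the rebinding came through an automated support path rather than an authenticated settings page. In production the "known IP" set would be drawn from a longer login history than the in-window log, and the window tuned to the platform's typical reset-to-login latency.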