Instagram is notifying users whose accounts were compromised during a security breach involving its AI-powered support chatbot. Hackers maintained access to victim accounts even after Meta claimed to have patched the vulnerability.
Meta's AI chatbot, designed to provide customer support, contained a flaw that allowed hackers to gain unauthorized account access. The vulnerability granted attackers the ability to take over user accounts and potentially access sensitive information.
The breach came to light when affected users began receiving notification alerts from Instagram about unauthorized access attempts. Meta subsequently confirmed the security incident and stated it had implemented fixes to address the chatbot vulnerability.
However, evidence suggests the problem persisted beyond Meta's initial remediation efforts. Some users who received alerts reported continued unauthorized access to their accounts, indicating that the fix may not have fully resolved the underlying issue.
The incident raises questions about the security measures protecting Meta's AI systems and the vetting process for customer-facing chatbot features. AI-powered support tools have become increasingly common across major platforms, but this breach highlights potential risks when these systems interface with sensitive account controls.
Meta has not disclosed the total number of affected users or provided details about what information hackers accessed. The company has advised affected users to change their passwords and review account activity for suspicious changes.
This is not Meta's first security incident involving AI systems. Previous vulnerabilities in automated tools have exposed user data and enabled account takeovers. The timing of alerts to users suggests Meta discovered the breach internally or through external security researchers.
Users experiencing unauthorized account access are encouraged to secure their accounts immediately and contact Instagram support. Meta continues investigating the incident and has not announced additional details about the scope or timeline of the attacks.
Wearable ring maker Ultrahuman disclosed a security breach exposing customer wellness data after attackers stole credentials from a malware-infected employee laptop. The incident gave hackers access to an internal tool used to manage user information.
2026 has seen unprecedented security failures across government and critical infrastructure, including a massive breach of the Department of Government Efficiency database, compromised energy and water systems, and infiltration of an FBI surveillance platform.
Researchers have discovered a method to compromise PCs through speaker hardware, bypassing traditional security measures. The attack exploits audio devices to gain unauthorized access without requiring physical contact with the target machine.
Researchers have demonstrated how artificial intelligence could enable self-propagating worms to spread through computer networks without human control. The proof-of-concept highlights a new category of cybersecurity threat.