Instagram starts warning users after Meta AI vulnerability enabled account takeovers

New Delhi:

Instagram is sounding the alarm after a major security slip involving Meta AI put user accounts at risk. Last week, word spread that hackers took advantage of a flaw in Meta’s AI-powered support system to let them hijack Instagram profiles.

Meta said that they have closed the loophole, but it’s not just business as usual. The company is reaching out directly to people caught up in this mess, pushing them to lock down their accounts fast.

How the Meta AI exploit worked

Hackers figured out how to trick Meta’s AI chatbot during the account recovery process. They would pretend to be the rightful owner, and sometimes, the system just believed them. In several cases, the AI let attackers swap out the email address tied to an Instagram account for one they controlled. After that, they just reset the password and booted the original owner. Imagine logging in and finding your profile completely out of your hands. And unfortunately, that’s what happened to more than a few users.

High-value Instagram accounts targeted

It was not random accounts, and attackers have been targeting valuable handles and well-known profiles with short usernames that fetch big money on dark web marketplaces. While Meta has not yet released numbers (by the time of writing), complaints from hijacked users started piling up as the exploit surfaced.

Meta says the vulnerability has been fixed

Now, Meta says that they have fixed the glitch. Still, some people kept reporting takeovers even after the announcement. Meta’s security team says they’re on cleanup duty, restoring accounts and double-checking any new reports that come in. If you’ve noticed weird password reset emails or got hit with extra security prompts, it’s Meta making sure you really own your profile.

Instagram sending security alerts to users

To warn affected users, Instagram has started sending out emails about the breach. If you get it the message, stating that ‘Instagram spotted suspicious activity on your account’ and they think it was compromised. 

Users receiving such notifications should:

• Change their Instagram password immediately
• Enable two-factor authentication (2FA)
• Review connected devices and active login sessions
• Remove any unfamiliar email addresses or phone numbers linked to the account

How users can stay protected

• Cybersecurity folks always say the same thing: Use strong, unique passwords.
• Turn on 2FA for every social account.
• Do not blindly trust recovery emails, and keep an eye out for messages from Instagram security.

As AI tools run more stuff behind the scenes, companies like Meta have to get better at making sure this does not happen again.