
Meta confirms over 20,000 Instagram accounts hacked through AI recovery tool flaw: ALL details

Meta has confirmed that more than 20,000 Instagram accounts were compromised after hackers exploited a flaw in an AI-assisted account recovery system.

Published By: Divya | Published: Jun 09, 2026, 05:47 PM (IST)


Meta has confirmed that more than 20,000 Instagram accounts were compromised after hackers exploited a flaw in one of the company’s AI-assisted account recovery systems.

The issue was linked to Meta’s High Touch Support (HTS) tool, which is designed to help users regain access to locked Instagram accounts. According to the company, attackers found a way to misuse the recovery process and gain control of accounts by receiving password reset links that should never have been sent to them.

What exactly happened?

The problem was not with Instagram passwords directly being leaked. Instead, hackers reportedly took advantage of a weakness in the account recovery workflow.

Meta says the system failed to properly verify whether the email address submitted during a password recovery request actually belonged to the Instagram account in question.

In simple terms, attackers were able to provide a different email address, convince the recovery system to accept it, and then receive password reset links on that email. Once the reset link arrived, taking over the account became much easier, especially for users who did not have two-factor authentication enabled.
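The missing check described above, shown as an added illustration in Python. This is not Meta's code: the account store, function names and addresses are constructed for the example, and the hardened version shows one common fix, which is to send the link only to the address already on file.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (assumption): username -> verified email on file.
ACCOUNTS = {"alice": "alice@example.com"}
PENDING = {}  # sha256(token) -> username; only the hash is stored
OUTBOX = []   # (recipient, link) pairs this demo "sends"
REPLY = "If the details match, a reset link has been sent."


def _send_reset(recipient, username):
    token = secrets.token_urlsafe(32)
    PENDING[hashlib.sha256(token.encode()).hexdigest()] = username
    OUTBOX.append((recipient, "https://example.invalid/reset?t=" + token))


def request_reset_vulnerable(username, submitted_email):
    """Flawed flow: the link goes to whatever address the requester supplies."""
    if username in ACCOUNTS:
        _send_reset(submitted_email, username)
    return REPLY


def request_reset_hardened(username, submitted_email):
    """The link goes only to the address on file, and only on a match."""
    on_file = ACCOUNTS.get(username, "")
    claimed = submitted_email.strip().lower().encode()
    # Constant-time compare of the claimed address with the one on file.
    if on_file and hmac.compare_digest(claimed, on_file.lower().encode()):
        _send_reset(on_file, username)  # never the caller-supplied string
    return REPLY


def recipients_for(handler, username, submitted_email):
    """Run one recovery request and return who was mailed a link."""
    OUTBOX.clear()
    handler(username, submitted_email)
    return [recipient for recipient, _ in OUTBOX]


if __name__ == "__main__":
    for h in (request_reset_vulnerable, request_reset_hardened):
        print(h.__name__, recipients_for(h, "alice", "mallory@example.net"))
```

Both handlers return the same reply whether or not a link was sent, so the response itself does not reveal which accounts or addresses exist.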

The company says it discovered the flaw in late May and later disabled the affected recovery tool.

More than 20,000 users affected

Meta has now confirmed that 20,225 accounts were impacted by the incident. The company believes the first successful attack may have happened as early as April 2026. Reports suggest several high-profile accounts were also affected during the campaign.

While Meta says it has not found direct evidence that user data was stolen, it has acknowledged that attackers may have been able to access information stored inside compromised accounts. This could include profile details, email addresses, phone numbers, photos, videos, stories, direct messages, account activity history, and other account-related information.

What has Meta done so far?

Following the discovery, Meta disabled the vulnerable recovery system and reset passwords for affected accounts. The company also placed impacted users under additional security checks and required them to verify their identities before regaining access.

Meta says it is now fixing the verification process that allowed the issue to happen in the first place. It is also reviewing similar account recovery systems across its platforms to make sure the same problem does not exist elsewhere.


What should Instagram users do?

While the flaw has been addressed, the incident serves as a reminder to strengthen account security. Users should enable two-factor authentication, regularly review recovery email addresses linked to their accounts, and be cautious about unusual login notifications. These simple steps can make it significantly harder for attackers to take control of an account, even if password recovery systems are targeted.