Over 20,000 Instagram Accounts Stolen in Meta AI Hack

Meta announced on June 8, 2026, that 20,225 Instagram users fell victim to a hack in which attackers exploited the company's AI-powered support system to reset passwords. The security vulnerability allowed the perpetrators to gain unauthorized access to the accounts and take them over. The attackers used a method that enabled them to impersonate users and misuse the password reset function. Meta has already taken steps to close the security gap and inform the affected users.

The affected accounts have been temporarily suspended to prevent further abuse. Meta emphasized in a statement that user security is the highest priority. The company is working closely with law enforcement to identify the attackers and initiate legal action. Investigations are already underway to clarify the circumstances of the attack. Affected users have been urged to secure their accounts and change their passwords.

Meta has also recommended additional security measures, including enabling two-factor authentication to prevent future attacks. This feature provides an extra layer of protection by requiring a second confirmation during login. The incidents raise questions about the security of AI-powered systems. Experts warn that while such technologies offer many benefits, they can also be vulnerable to abuse. The use of AI in customer support may be subject to stricter regulations in the future to prevent similar incidents.

Meta has announced plans to review and update its security protocols as necessary. The company intends to inform users about any changes and improvements. The response to the incident is being closely monitored by users, as trust in the platform is at stake. The security vulnerability has been classified as CVE-2026-1234. This flaw affects not only Instagram but could also impact other Meta platforms.

Security researchers recommend that companies using similar systems review and adjust their security measures. Meta has already taken initial steps to restore the affected accounts. Users who have lost their accounts can contact support through a special form. The company has assured that all inquiries will be prioritized. The incidents have also sparked discussions about the responsibility of tech companies regarding data security.

Critics are calling for companies like Meta to be more transparent about security incidents and to take proactive measures to protect users. The debate over social media security is expected to intensify in the coming weeks. Meta plans to publish the results of its internal investigation by the end of June 2026. The company has committed to keeping users informed about all progress and changes in security policies.