Cybersecurity experts have warned that hackers can obtain Instagram users' personal details, including email addresses and phone numbers, using only a username. The discovery follows a separate security flaw that allowed attackers to access accounts via Meta's AI chatbot.
The newsletter International Cyber Digest reported that Instagram's account recovery function can be exploited to gain authenticated access to sensitive information. The team tested the method on celebrity accounts and successfully retrieved details for footballer Kylian Mbappé and Georgina Rodríguez, wife of Cristiano Ronaldo.
In a post on X, Cyber Digest described the issue as 'yet another Meta f***-up,' noting that the recovery function allows unauthenticated access to full account personally identifiable information. The newsletter also uncovered linked social media and wine-app accounts belonging to several public figures.
Last week, it was reported that hackers had tricked Meta's AI chatbot into changing passwords for around 100 high-value accounts, some of which were sold on black market services. Among the compromised accounts was former US President Barack Obama's now-unused White House Instagram, which has over 2.4 million followers.
Former Meta security engineer Jane Manchun Wong confirmed her account was hacked, stating on X: 'The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app.'



