Meta AI flaw allowed hackers to seize Instagram accounts, company confirms

In March, Meta expanded AI-powered customer support across Facebook and Instagram

Meta chatbot assistant allowed hackers to change Instagram account recovery details.

Meta has acknowledged that a security flaw in its AI-powered customer support system allowed attackers to take control of Instagram accounts by persuading the AI chatbot to change account recovery details.

The vulnerability, which has now been fixed, reportedly enabled hackers to hijack accounts simply by asking Meta's automated support assistant to replace a victim's registered email address with one controlled by the attacker.

Reports of the exploit emerged after several high-profile Instagram accounts appeared to be compromised over the weekend. Among them was the @obamawhitehouse account, which briefly displayed posts containing pro-Iranian political imagery before access was restored.

Security researchers also identified apparent compromises affecting accounts linked to the US Space Force Chief Master Sergeant and beauty retailer Sephora.

Meta said it had resolved the issue and was working to secure affected accounts.

"This issue has been resolved and we are securing impacted accounts," Meta communications executive Andy Stone said in a statement posted on social media.

How the exploit worked

Videos circulated in Telegram groups frequented by security researchers and hackers appeared to demonstrate the attack.

According to those demonstrations, attackers first initiated a password reset for a target account. They then contacted Meta's AI support chatbot and requested that a new email address be linked to the account.

In some cases, the chatbot reportedly sent a verification code directly to the attacker's email address. Once verified, attackers could complete a password reset and gain access to the account.

Security channels discussing the flaw claimed the process required little technical expertise.

Attackers allegedly used virtual private networks (VPNs) to match the geographic region of their targets before interacting with the chatbot.

One Telegram post described the process as: "VPN to match the target account country region, reset password, ask for more help, chat with AI, ask AI to switch email."

High-value usernames targeted

Researchers monitoring the attacks said many victims owned rare or highly desirable usernames consisting of a single letter or common word.

Among those reporting account issues was security researcher Jane Manchun Wong, known for uncovering hidden features in major technology platforms. Writing on X, Wong said her Instagram password had been changed without her knowledge and that she experienced repeated password reset attempts before losing access.

AI-driven support

The incident comes after Meta in March expanded AI-powered customer support across Facebook and Instagram. The company promoted the system as a way to provide users with practical assistance for account recovery, password resets and security settings.

On its product page, Meta described the service as offering "solutions, not just suggestions" for account security and recovery.

Cybersecurity experts have long warned that AI systems can be vulnerable to manipulation, particularly when granted authority over sensitive account-management functions. Some users whose accounts were compromised complained that there was no effective way to escalate problems to a human representative once access was lost.
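The sequence described under "How the exploit worked" and the warning above about granting AI systems authority over account-management functions come down to one design question: where does the verification code go when a support assistant is asked to change a recovery email? The following is an added example, not Meta's code and not a description of its internals; account, mailbox and function names are hypothetical. It replays the reported steps (password reset started, then a request to switch the recovery email) against a weak policy that mails the code to the address the requester supplied, and against a hardened policy that challenges only the currently registered address, pins the proposed value server-side, and refuses automated changes while a password reset is in progress.

```python
"""Recovery-email change behind an AI support agent: weak vs hardened policy.

Hypothetical model of the design flaw described in the article; constructed
example, not Meta's code or internals.
"""
from dataclasses import dataclass, field
import hmac
import secrets
from typing import Dict, List, Optional

# Constructed "mail server": address -> codes delivered to that mailbox.
OUTBOX: Dict[str, List[str]] = {}


@dataclass
class Account:
    username: str
    recovery_email: str
    reset_in_progress: bool = False          # a password reset was just requested
    pending_code: Optional[str] = None
    proposed_email: Optional[str] = None
    audit: List[str] = field(default_factory=list)


def _send_code(account: Account, address: str) -> None:
    """Generate a one-time code, remember it, and 'deliver' it to address."""
    account.pending_code = f"{secrets.randbelow(10**6):06d}"
    OUTBOX.setdefault(address, []).append(account.pending_code)


def _check_code(account: Account, code: str) -> bool:
    ok = account.pending_code is not None and hmac.compare_digest(account.pending_code, code)
    account.pending_code = None              # single use, whether it matched or not
    return ok


# --- Weak flow: the behaviour the article reports ---------------------------
def weak_request_change(account: Account, new_email: str) -> None:
    # Flaw: the challenge goes to the NEW address, which the requester chose,
    # so possessing that mailbox proves nothing about owning the account.
    _send_code(account, new_email)


def weak_confirm_change(account: Account, new_email: str, code: str) -> bool:
    if _check_code(account, code):
        account.recovery_email = new_email
        return True
    return False


# --- Hardened flow ----------------------------------------------------------
def hardened_request_change(account: Account, new_email: str) -> str:
    """Returns 'challenged' or 'escalated'; never mails the new address."""
    if account.reset_in_progress:
        # A recovery-detail change during an active reset is the takeover
        # pattern itself: refuse automation and hand off to a human reviewer.
        account.audit.append(f"escalate: email change to {new_email} during reset")
        return "escalated"
    account.proposed_email = new_email       # pinned server-side, not re-read at confirm
    _send_code(account, account.recovery_email)   # challenge only the EXISTING contact
    account.audit.append(f"challenge sent to existing address for change to {new_email}")
    return "challenged"


def hardened_confirm_change(account: Account, code: str) -> bool:
    if account.proposed_email is None or not _check_code(account, code):
        account.audit.append("email change rejected")
        return False
    account.recovery_email, account.proposed_email = account.proposed_email, None
    account.audit.append("email change confirmed via existing address")
    return True


def simulate(flow: str) -> dict:
    """Replay the reported sequence under one policy; the requester can read only their own mailbox."""
    OUTBOX.clear()
    victim = Account("a", "owner@example.invalid")
    requester_mail = "requester@example.invalid"
    victim.reset_in_progress = True          # step 1: a password reset was triggered
    if flow == "weak":
        weak_request_change(victim, requester_mail)   # step 2: ask the bot to switch email
        codes = OUTBOX.get(requester_mail, [])
        changed = bool(codes) and weak_confirm_change(victim, requester_mail, codes[-1])
    else:
        hardened_request_change(victim, requester_mail)
        codes = OUTBOX.get(requester_mail, [])
        changed = bool(codes) and hardened_confirm_change(victim, codes[-1])
    return {"requester_got_code": bool(codes), "recovery_email": victim.recovery_email,
            "changed": changed, "audit": list(victim.audit)}
```

Running `simulate("weak")` ends with the recovery email replaced by the requester's address; `simulate("hardened")` refuses the change and leaves an audit entry for a human to review. The legitimate owner still succeeds under the hardened policy because the code lands in the mailbox they already control, which is the property the weak flow never checked.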

The security lapse also arrives amid wider scrutiny of Meta's workforce reductions and increasing reliance on automation.

Like many technology companies, Meta has carried out significant layoffs in recent years while investing heavily in AI.

Technology analyst Gergely Orosz, author of The Pragmatic Engineer newsletter, said Instagram's trust and safety operations had undergone substantial staffing changes, with some employees reportedly reassigned to AI-related projects.

"Apparently this was not a sophisticated hack," Orosz wrote. "But engineers at Instagram going overboard to use AI for everything, and having no incentives for stuff like… security."

"You get what you incentivize. A warning for any company wanting to copy Meta."