Meta is facing serious questions about the security of its AI-powered support tools after a series of high-profile Instagram account takeovers revealed a critical flaw in how its chatbot handles account recovery requests.
What Happened
A flaw in Meta’s AI-powered customer support system allowed hackers to seize control of Instagram accounts by convincing a chatbot to assist them. Security researchers said the weakness turned Meta’s own automated support tools into an unlikely weapon.
Over several days, Telegram groups for security researchers and hacking groups shared videos and screenshots of the steps taken to steal an account, which appeared to be shockingly easy. One video showed a hacker starting a conversation with Meta’s AI support bot and asking it to link the target account with a new email address. Once that email swap was approved, attackers could request a password reset code and lock legitimate users out.
Accounts Compromised
The breach allowed hackers to seize accounts, including the dormant Obama White House page, beauty retailer Sephora, and a senior U.S. Space Force official. Attackers also targeted premium, short-handle Instagram accounts known in underground markets for their resale value.
The Core Vulnerability
This was not a traditional server breach: Meta said no backend systems were compromised. The weakness lay in the chatbot's logic layer, which did not enforce identity verification or rate limits before acting on account-change and password-reset requests.
The chatbot was persuaded to reset account credentials without independently verifying identity, effectively turning a high-trust security tool into a significant weakness, according to cybersecurity experts. Instagram accounts without multi-factor authentication appeared to be most vulnerable.
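The following Python is an added illustration of the gap this section describes and the steps shown in the Telegram videos; it is not Meta's code and not taken from the reporting. It models a support bot whose language model proposes tool calls. The vulnerable dispatcher runs whatever the model was persuaded to request; the hardened one refuses any sensitive tool unless the session has completed a step-up check bound to the target account, and rate-limits those tools. Tool names, handles, email addresses and the session structure are all hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional
import secrets

# Hypothetical tool names whose side effects change who controls an account.
SENSITIVE_TOOLS = {"link_email", "send_password_reset"}


@dataclass
class Account:
    handle: str
    email: str


@dataclass
class Session:
    """One support chat. claimed_handle is whatever the user typed: untrusted."""
    session_id: str
    claimed_handle: str
    verified_handle: Optional[str] = None   # set only by finish_step_up()
    pending_code: Optional[str] = None


@dataclass
class RateLimiter:
    """Sliding-window counter keyed by (session_id, tool)."""
    limit: int
    window_s: float
    _hits: dict = field(default_factory=dict)

    def allow(self, key, now: float) -> bool:
        q = self._hits.setdefault(key, deque())
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def start_step_up(session: Session, accounts: dict):
    """Issue a one-time code to the address already on file for the claimed
    account (never to an address the user supplies in chat). Returns the
    destination and the code only so this offline example can play the mailbox."""
    destination = accounts[session.claimed_handle].email
    session.pending_code = secrets.token_hex(3)
    return destination, session.pending_code


def finish_step_up(session: Session, code: str) -> bool:
    """Mark the session as verified only if the code from the mailbox matches."""
    if session.pending_code and secrets.compare_digest(session.pending_code, code):
        session.verified_handle = session.claimed_handle
        session.pending_code = None
        return True
    return False


def apply_tool(call: dict, accounts: dict) -> str:
    """Perform the side effect. Deliberately policy-free; gating is the dispatcher's job."""
    acct = accounts[call["account"]]
    if call["tool"] == "link_email":
        acct.email = call["new_email"]
        return f"linked {acct.email} to @{acct.handle}"
    if call["tool"] == "send_password_reset":
        return f"reset code sent to {acct.email}"
    raise ValueError(f"unknown tool {call['tool']!r}")


def vulnerable_dispatch(call, session, accounts, limiter=None, now=0.0) -> str:
    """The failure mode: the model decided the user was legitimate, so the call runs."""
    return apply_tool(call, accounts)


def hardened_dispatch(call, session, accounts, limiter, now=0.0) -> str:
    """Sensitive tools need a verified identity matching the target account and a
    rate budget; the model's opinion of the conversation is not an input here."""
    if call["tool"] in SENSITIVE_TOOLS:
        if session.verified_handle != call["account"]:
            return "denied: step-up verification required for @" + call["account"]
        if not limiter.allow((session.session_id, call["tool"]), now):
            return "denied: rate limit for " + call["tool"]
    return apply_tool(call, accounts)


def replay_takeover(dispatcher, limiter=None):
    """Constructed replay of the reported chain against a hypothetical account:
    link a new email, then request a reset code (which would now reach the attacker)."""
    accounts = {"target": Account("target", "owner@example.com")}
    attacker = Session("s-attacker", claimed_handle="target")  # never completes step-up
    calls = [
        {"tool": "link_email", "account": "target", "new_email": "attacker@example.net"},
        {"tool": "send_password_reset", "account": "target"},
    ]
    results = [dispatcher(c, attacker, accounts, limiter, now=0.0) for c in calls]
    return results, accounts["target"].email


if __name__ == "__main__":
    print(replay_takeover(vulnerable_dispatch))
    print(replay_takeover(hardened_dispatch, RateLimiter(limit=3, window_s=60)))
```

The design point is that the authorization decision is made outside the model, from state the model cannot write (`verified_handle` is set only by `finish_step_up`), and that the step-up code goes to the address already on file rather than to any address named in the conversation. A persuasive prompt can change what the model asks for, but not whether the dispatcher grants it.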
Meta’s Response
Meta said the issue had been resolved, and affected accounts were being secured. However, the company has not disclosed an affected-account count, which safeguards changed after the fix, or whether attacker identities have been established.
The incident raises broader questions about Meta’s AI rollout timeline. In March, Meta announced it was pushing AI support to all accounts across Facebook and Instagram, with the ability to reset passwords and perform other critical account maintenance functions. Users who have had their accounts stolen say there is no way to escalate their problem to a human, a direct consequence of that same automation.
A Wider Industry Warning
Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, described the support-bot hijackings as part of a wider security problem for automated support systems, warning that AI chatbots create new attack surfaces and that similar attacks are likely to increase.
Security experts are strongly recommending that users enable app-based two-factor authentication (such as Google Authenticator or Authy) rather than SMS-based verification, and use a private email address not publicly linked to their Instagram profile. Accounts with active 2FA were not compromised in this attack.