META'S AI CHATBOT LETS HACKERS HIJACK 20,000 INSTAGRAM ACCOUNTS
The vulnerability was in the AI-assisted account recovery system. Without two-factor authentication enabled, hackers could reset passwords by simply asking the bot to change the account email to their own.
by editor

Meta's AI-powered customer support chatbot gave hackers a direct path to hijack Instagram accounts, according to a letter the company sent to Maine Attorney General Aaron Frey. The vulnerability, which Meta described as "a vulnerability in the AI-assisted account recovery system for Instagram... that was exploited by unauthorized third parties to perform password resets on Instagram user accounts", allowed unauthorized third parties to reset Instagram passwords en masse. The company confirmed 20,225 accounts were compromised, including 30 belonging to Maine residents.
HOW THE EXPLOIT WORKED
The hack exploited Meta's AI-assisted account recovery system, which the company rolled out in March to handle "24/7 help for account issues like updating your password and settings for your profile". The process was straightforward enough to demonstrate in a video that circulated on X. Hackers asked the AI chatbot to change the target account's email address to one they controlled. Once the AI complied, they requested a password reset. The AI sent the reset code to the hackers' newly assigned email address. After completing the reset, they owned the account.
The attackers did not need the victim's original email address or password. They used VPNs to mask their location, making it appear as though the account takeovers originated from the targets' own geographic areas. Without two-factor authentication enabled on the target account, the entire hijacking required nothing more than a conversation with a chatbot.
THE TIMING IS...
Meta acknowledged the vulnerability in a letter to the Maine Attorney General's office dated June 5. The company said "the exploit was fixed as of June 1". That left a window in which the exploit was actively being used while the company presumably worked on a fix. During that period, users reported account takeovers on Reddit and X, describing a wave of sudden lockouts and hijacked profiles.
After discovering the breach, Meta forcibly logged affected users out of their accounts, restored their original email addresses, and instructed them to reset passwords and reauthenticate their logins. The company said it will send a second notice reminding users to enable two-factor authentication.
GET TWO-FACTOR AUTH, LIKE NOW.
The exploit did not work on accounts with multifactor authentication enabled. On those accounts, the reset code went to the user's authentication app or was sent by text message, neither of which the hackers could intercept through the AI chatbot. Meta confirmed that enabling MFA would have protected against this exploit entirely.
The distinction is stark: the same AI chatbot that handed over account control to strangers through a simple email change request simply could not bypass MFA. The feature that was supposed to make account recovery easier became the vector for the largest Instagram breach in the company's recent memory, and it only failed for users who had not turned on a security setting that takes under a minute to enable.
WHAT THIS HACK REVEALED
This was not a sophisticated supply chain attack or a zero-day exploit in the traditional sense. The vulnerability was in the interface between an AI chatbot designed to help users and a password reset flow that trusted the chatbot's inputs without additional verification. When Meta replaced its human support staff with AI in March, the system gained scale but lost the ability for a human to recognize suspicious patterns in real time.
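The design flaw above comes down to which address a reset code is sent to after a support-channel email change. The following Python model is an added illustration, not Meta's code: it contrasts a flow that applies the chatbot's email change immediately against one that parks the change as pending until the old mailbox confirms it, and shows why an enabled second factor sidesteps the problem in either case. The account, email addresses and message labels are constructed sample values.

```python
# Constructed model of the recovery flow described in the article; not Meta's code.
from dataclasses import dataclass, field
from typing import Optional

OWNER_EMAIL = "owner@example.com"        # constructed sample values
ATTACKER_EMAIL = "attacker@example.net"

@dataclass
class Account:
    email: str = OWNER_EMAIL
    mfa_enabled: bool = False
    pending_email: Optional[str] = None        # used by the hardened flow only
    sent: list = field(default_factory=list)   # (destination, message) delivery log

def support_change_email_weak(acct: Account, new_email: str) -> None:
    """Vulnerable pattern: a request arriving over the support channel
    (here, the chatbot) rewrites the recovery address with no verification."""
    acct.email = new_email

def support_change_email_hardened(acct: Account, new_email: str) -> None:
    """Hardened pattern: the change is held as pending and a confirmation
    goes to the address already on file, so only the current mailbox
    holder can redirect future recovery mail."""
    acct.pending_email = new_email
    acct.sent.append((acct.email, "confirm-email-change"))

def confirm_email_change(acct: Account, confirming_mailbox: str) -> bool:
    """Commit the pending change only when confirmed from the old mailbox."""
    if acct.pending_email is None or confirming_mailbox != acct.email:
        return False
    acct.email, acct.pending_email = acct.pending_email, None
    return True

def request_password_reset(acct: Account) -> str:
    """Return where the reset code is delivered. With MFA on, the code goes to
    the second factor, which an email change cannot redirect."""
    dest = "authenticator-app" if acct.mfa_enabled else acct.email
    acct.sent.append((dest, "password-reset-code"))
    return dest

def reset_code_destination(hardened: bool, mfa_enabled: bool) -> str:
    """Replay the sequence from the article (email change, then reset request)
    against a fresh account and report who receives the reset code."""
    acct = Account(mfa_enabled=mfa_enabled)
    change = support_change_email_hardened if hardened else support_change_email_weak
    change(acct, ATTACKER_EMAIL)
    return request_password_reset(acct)
```

Only the weak flow without MFA delivers the code to the newly requested address; the hardened flow keeps sending it to the address on file until the old mailbox confirms the change.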
The 20,225 number is large, but it represents a fraction of Instagram's user base. What matters more is the mechanism: a company that positions its AI as a feature rather than a risk convinced users to let a chatbot handle account security, and that chatbot proved about as trustworthy as handing your keys to a stranger who asked politely. Meta says a second notice will be sent to remind people to enable two-factor authentication.