What Happened: An AI Support Bot Turned Security Liability
Meta’s AI support chatbot for Instagram is an automated assistant designed to help users recover access to their profiles, but a security flaw let attackers abuse its password reset and email-change functions to take over Instagram accounts without ever holding the victim’s original login details or access to the victim’s email. Over a single weekend, complaints surged on Reddit and X from people suddenly locked out of their accounts, while hackers shared videos demonstrating the exploit step-by-step. Security researcher Jane Wong reported her own account was taken over after repeated password reset attempts. High-profile targets such as the Obama-era White House handle and the account of U.S. Space Force Chief Master Sergeant John Bentivegna were reportedly compromised, underscoring how a Meta AI security flaw in a customer-support feature spiraled into a broad password reset exploit that affected both everyday users and public figures.

How the Password Reset Exploit Worked
The attack ran through Meta’s AI Support Assistant and relied more on social engineering than on traditional hacking. First, attackers used a VPN to spoof their location near the victim’s region, reducing the chance that Instagram’s automated systems would flag a suspicious login. Then they opened a chat with the AI bot and claimed to own the target account, asking the assistant to add an email address that they controlled. The bot complied and sent a verification code directly to the attacker’s inbox instead of the genuine owner’s email. After the attacker fed that code back into the chat, the bot presented a convenient “Reset Password” button. With a new password in place, the attacker had full control of the profile. This password reset exploit bypassed the victim’s email, phone, and, in some cases, even two-factor authentication protections.

Meta’s Patch, Backend Concerns, and Ongoing Hijackings
Meta’s Vice President of Communications, Andy Stone, announced that “the issue that did happen has already been fixed,” and the company said it was securing impacted accounts. Reports from researchers and developers, however, suggest the first fix may have focused on the interface rather than the underlying logic. Some claimed Meta removed a “Get Support” button from the frontend, while the same API endpoints stayed open, leaving room for continued account hijacking. Android Authority noted that attacks continued after Meta’s statement, and Jane Manchun Wong reported that a secondary account with a four-letter username was hijacked despite having two-factor authentication enabled. According to Technology.org, Meta began emailing users it believed were compromised, warning them about suspicious activity and guiding them through recovery steps. This gap between public assurances and ongoing incidents has raised questions about how thoroughly the Meta AI security flaw has been addressed.

Why the Incident Exposes the Risks of Over-Trusting AI
Security experts say the chatbot behaved like an inexperienced support employee with access to dangerous tools but few guardrails. Meta deployed the AI assistant to give 24/7 help with account issues, but the exploit showed that it treated unverified text prompts as authorization to change critical security settings. One expert compared it to a “move fast and break things” mindset applied to customer support, where speed and automation outran basic account-hijacking prevention checks such as verifying ownership through an existing email, phone, or multi-factor method before any change is made. The case demonstrates how AI, when wired directly into live systems, can amplify design mistakes at scale. Instead of guessing passwords or breaking encryption, attackers persuaded the AI to rewrite account details on their behalf. It is a warning that delegating security-sensitive decisions to AI without strict controls can turn a support feature into an attack surface.
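The design mistake described in the two sections above (a chat claim of ownership treated as authorization, with the verification code delivered to the address the requester supplied) and its fix (every sensitive change gated on a factor or channel the account already trusts) can be shown side by side. The following is an added example written for this article, not Meta’s code; the account, session and outbox classes, the action names and the addresses are all constructed for illustration.

```python
# Added example (not Meta's code): a toy account-recovery backend that a
# support assistant might call as a "tool". Names, flows and sample data are
# constructed. It contrasts the failure mode in the article (chat claim of
# ownership is trusted; the code goes to the requester's address) with a
# policy that ties sensitive changes to an already-trusted factor.
from dataclasses import dataclass, field
import hmac
import secrets


@dataclass
class Account:
    username: str
    verified_emails: set                      # channels the owner already controls
    password_hash: str = "old"                # stand-in for a real hash
    pending: dict = field(default_factory=dict)   # new_email -> one-time code


@dataclass
class Session:
    """What the tool knows about the person in the chat."""
    authenticated: bool = False   # holds a real credential, not just chatting
    step_up_done: bool = False    # recent re-auth with password, passkey or MFA


@dataclass
class Outbox:
    """Records where verification codes were delivered."""
    sent: list = field(default_factory=list)   # (recipient, message)

    def send(self, recipient: str, message: str) -> None:
        self.sent.append((recipient, message))


# --- Vulnerable tool: trusts the chat, verifies against the NEW address ---
def vulnerable_add_email(account: Account, new_email: str, outbox: Outbox) -> str:
    """Whoever claims the account gets a code at the address they chose."""
    code = secrets.token_hex(3)
    account.pending[new_email] = code
    outbox.send(new_email, f"verification code {code}")
    return "code sent"


def vulnerable_confirm_and_reset(account: Account, new_email: str, code: str,
                                 new_password: str) -> bool:
    """Accepts the code, adds the e-mail and offers a password reset at once."""
    if account.pending.get(new_email) != code:
        return False
    account.verified_emails.add(new_email)
    account.password_hash = new_password
    return True


# --- Hardened tool: sensitive changes need an already-trusted factor ---
SENSITIVE_ACTIONS = {"add_email", "change_phone", "reset_password"}


def authorize(action: str, session: Session) -> bool:
    """Gate the assistant must pass before invoking a sensitive tool.

    A chat transcript is never proof of ownership, so sensitive actions need
    an authenticated session plus a recent step-up with an existing factor.
    """
    if action not in SENSITIVE_ACTIONS:
        return True
    return session.authenticated and session.step_up_done


def hardened_add_email(account: Account, session: Session, new_email: str,
                       outbox: Outbox) -> str:
    if not authorize("add_email", session):
        return "denied: prove ownership with an existing factor first"
    code = secrets.token_hex(3)
    account.pending[new_email] = code
    # Confirmation goes only to channels the owner ALREADY controls, so the
    # real owner sees (and can refuse) the change; the new address never
    # receives a code that unlocks anything on its own.
    for existing in sorted(account.verified_emails):
        outbox.send(existing, f"code {code} to add {new_email} as recovery e-mail")
    return "code sent to existing recovery channels"


def hardened_confirm(account: Account, new_email: str, code: str) -> bool:
    expected = account.pending.pop(new_email, None)   # single use
    if expected is None or not hmac.compare_digest(expected, code):
        return False
    account.verified_emails.add(new_email)
    return True


def simulate() -> dict:
    """Run both flows against the same constructed scenario."""
    owner, attacker = "owner@example.com", "attacker@example.net"
    results = {}

    # Vulnerable: an unauthenticated chat user asks to add their own address.
    acct, box = Account("victim", {owner}), Outbox()
    vulnerable_add_email(acct, attacker, box)
    code = next(msg.split()[-1] for rcpt, msg in box.sent if rcpt == attacker)
    results["vuln_code_went_to_attacker"] = any(r == attacker for r, _ in box.sent)
    results["vuln_takeover"] = vulnerable_confirm_and_reset(acct, attacker, code, "new")

    # Hardened: the same request from an unauthenticated chat session is refused.
    acct, box = Account("victim", {owner}), Outbox()
    reply = hardened_add_email(acct, Session(), attacker, box)
    results["hard_denied"] = reply.startswith("denied")
    results["hard_attacker_got_code"] = any(r == attacker for r, _ in box.sent)

    # Hardened: a stepped-up owner adds a second address; the code reaches
    # only the existing channel.
    hardened_add_email(acct, Session(True, True), "owner2@example.com", box)
    results["hard_owner_code_recipients"] = sorted({r for r, _ in box.sent})
    return results


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The point of the `authorize` gate is that it sits between the assistant and the tool, not inside the prompt: however persuasive the chat is, the tool refuses to add a recovery channel or reset a password until the session has proved possession of a factor the account already has, and the confirmation code is routed to the existing owner rather than to whoever asked.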

What Instagram Users Should Do Now to Stay Safe
Even though Meta says the flaw is resolved, users should assume attackers may still look for similar weak points in automated support tools. Start by confirming that your account email and phone number are accurate and under your control, and enable two-factor authentication using an authenticator app rather than SMS where possible. Watch for unexpected password reset emails, login alerts, or messages from Meta about security changes you did not start. If you receive notice that your email or password was altered, act quickly using Instagram’s in-app recovery options and check for any new devices or sessions you do not recognize. Avoid sharing reset codes or security links in any chat, including with support bots. Finally, treat AI support like a help desk, not a trusted authority: if a conversation leads to account changes you did not initiate, stop and re-check through official security pages instead.
