
Meta AI Chatbot Flaw Let Hackers Hijack Over 20,000 Instagram Accounts

What Happened: An AI Chatbot Turned into an Attack Tool

A vulnerability in Meta’s AI-assisted Instagram account recovery chatbot let attackers change recovery emails and trigger password resets to their own inboxes, turning the support bot into a convenient tool for Instagram account hacking. Instead of confirming that the email requesting help matched the account owner’s email, the AI chatbot accepted any address and sent a reset link there. Hackers promoted prompts on Telegram that walked others through asking Meta AI to link a target’s Instagram account to a new email, entering a verification code, and then using a password reset option shown by the bot. Pro-Iranian actors used this method to briefly take over high-profile accounts, including Barack Obama’s White House profile, beauty retailer Sephora, and the US Space Force’s chief master sergeant, before those accounts were restored.

How the Password Reset Exploit Worked Behind the Scenes

Meta’s own breach filing explains that the AI-assisted account recovery system had a bug in a separate code path that controlled email checks during password resets. Instead of rejecting mismatched emails, the backend accepted any email address and sent a password reset link to that destination. According to Meta’s report to Maine’s attorney general, “the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account.” In practice, attackers only needed to start recovery from an IP address in the same region as the victim and then supply an attacker-controlled email. Once they used the link to change the password, accounts without two-factor authentication were wide open, showing how a single AI chatbot vulnerability can cascade into mass compromise.

The Scale of the Meta AI Security Flaw and a Failed Fix

Meta’s data breach notice says the flaw in Instagram’s AI-assisted recovery tool affected 20,225 users and was exploited from April 17. That turns what looked like a fringe trick into a significant incident, especially as the password reset exploit spread across Telegram and social media. While Meta’s communications chief Andy Stone said the “issue has been resolved and we are securing impacted accounts,” security researchers and users reported that Instagram account hacking continued. Developers and reverse engineers argued that Meta removed the “Get Support” button on the frontend but left vulnerable backend API endpoints in place, meaning attackers could still call the same recovery functions indirectly. This gap between user interface changes and backend security fixes showed that cosmetic patches are not enough when AI systems sit on top of sensitive account recovery workflows.
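The two preceding sections describe the bug (the backend sent the reset link to whatever address the requester supplied, without checking it against the account’s registered email) and why a frontend-only fix left the backend exposed. The following is an added illustration, not Meta’s code: a constructed account store and a recording mailer, with a reset handler that reproduces the described flaw beside a hardened version where the check and the destination address are both enforced server-side.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample account store (not real data): username -> registered recovery email.
ACCOUNTS = {
    "alice": "alice@example.com",
    "bob": "bob@example.org",
}


@dataclass
class Mailer:
    """Records where reset links were sent so the two handlers can be compared."""
    sent: list = field(default_factory=list)

    def send_reset_link(self, to_addr: str, token: str) -> None:
        self.sent.append((to_addr, token))


def normalize(email: str) -> str:
    """Trim and lowercase so 'Alice@Example.COM ' matches 'alice@example.com'."""
    return email.strip().lower()


def vulnerable_reset(username: str, requested_email: str, mailer: Mailer) -> bool:
    """Mirrors the flaw described in the filing: the account is looked up, but the
    reset link goes to whatever address the requester typed in."""
    if username not in ACCOUNTS:
        return False
    token = secrets.token_urlsafe(32)
    mailer.send_reset_link(normalize(requested_email), token)  # requester-controlled destination
    return True


def hardened_reset(username: str, requested_email: str, mailer: Mailer) -> bool:
    """Server-side check: a link is sent only when the requester's address matches the
    one on file, and only to the address on file. The response is the same in every
    case so a mismatch does not reveal whether the account or email exists. Because the
    check lives in the backend handler, removing a UI button is not what protects it."""
    registered = ACCOUNTS.get(username)
    if registered is None:
        return True
    want = normalize(registered).encode("utf-8")
    got = normalize(requested_email).encode("utf-8")
    if not hmac.compare_digest(want, got):
        return True  # mismatch: no link sent, no distinguishable error
    token = secrets.token_urlsafe(32)
    mailer.send_reset_link(registered, token)  # destination taken from the account record
    return True
```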

Why AI Missteps Matter: ‘Like an Inexperienced Employee’

Security specialists compared Meta’s chatbot behaviour to a new staff member who follows instructions without checking identity. One expert described it as a “move fast and break things” mindset backfiring, where AI is pushed into support roles before account security is strengthened. The bot treated natural-language prompts about changing emails and sending reset links as legitimate requests, without strict verification of ownership or consistent enforcement of two-factor authentication checks. ESET’s Jake Moore warned that platforms are pushing AI innovation faster than they improve basic security, which makes AI-powered support channels attractive to attackers. When an AI system can change contact details and trigger logins, it must be held to higher standards than a typical help widget. This incident underlines the risk of delegating security-critical actions to AI tools that lack strict identity checks and clear guardrails.

What Instagram Users Should Do Now to Stay Safe

For users, the lesson from this AI chatbot vulnerability is to treat account recovery as a prime attack target and harden it. Enable strong two-factor authentication on Instagram, ideally using an authenticator app, so that a stolen password alone cannot grant access. Regularly check which email addresses and phone numbers are linked to your account, and change your password if you see unfamiliar login alerts or password reset emails you did not request. Be wary of phishing emails that may copy Meta branding, and always access support through the official Instagram or Meta apps, not links shared by strangers. If you lose access, act quickly through trusted recovery channels and contact support to document that your account may have been caught in this specific password reset exploit. The faster you respond, the harder it is for attackers to maintain control of a hijacked profile.
