
Instagram’s AI Support Tool Let Hackers Reset 20,000 Passwords


What Happened: An AI Chatbot Turned Into a Password Reset Shortcut

The Instagram AI support tool incident refers to a flaw in Meta’s AI-assisted account recovery chatbot that let attackers redirect password reset emails to addresses they controlled, enabling large-scale account takeovers wherever two-factor authentication was not enabled. Meta’s AI-powered High Touch Support (HTS) tool was designed to help people locked out of their Instagram accounts regain access by sending a password reset link to the owner’s email address. Instead, a bug in a separate code path meant the system never checked that the email entered matched the one on file for that account. As a result, a feature intended as a secure recovery path became an easy route to account takeover, turning the chatbot into a password reset exploit.


How Hackers Exploited Meta’s AI Security Flaw

Attackers discovered that by using the AI-assisted account recovery chatbot, they could ask it to send a password reset link to any email address they controlled. According to Meta’s notice, “the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account.” In practice, the only real constraint reported was that the request had to come from an IP address in the same region as the victim’s account. Once the reset link arrived in the attacker’s inbox, they could set a new password and take over the account if two-factor authentication was not turned on. This password reset exploit spread quickly on Telegram and social platforms, where step‑by‑step hijacking instructions went viral.

Impact: 20,225 Accounts and Sensitive Instagram Data at Risk

Meta disclosed in a data breach filing that 20,225 Instagram users were affected when hackers abused the AI-assisted recovery tool. The company said the earliest exploitation dated to 17 April, but it did not discover the issue until 31 May, and it notified authorities on 5 and 6 June. High-profile accounts were among those hit, including the inactive Instagram handle of the Obama-era White House, beauty retailer Sephora, and a senior official in the US Space Force. Once logged in, attackers could potentially access contact information, direct messages, birth dates, posts, and details of connected or linked services such as email addresses. For many victims, the first signs were unexpected logouts, unfamiliar posts, or changed recovery details. Although Meta has since secured the impacted accounts, any messages or personal data exposed in the meantime may already have been copied or misused.


Meta’s Response and Fixes to the Account Recovery Chatbot

After confirming that its AI-assisted account recovery system had been abused, Meta disabled the vulnerable feature and removed the faulty code path from production. It also invalidated every password reset link generated through the hijacking method, so links already sitting in attackers’ inboxes could no longer be used to compromise accounts. In its notice, Meta said it “fixed this issue, secured impacted accounts, and restored individuals’ access.” Meta has said it will address the bug before relaunching the AI tool; any relaunch will need a check that the email address used for recovery matches the one stored on the account. While Meta emphasised that HTS itself worked as designed, the incident shows how a single missing validation in a supporting component can undermine an entire AI security feature.

What Users Should Do Now—and Lessons for AI Security

If you think your Instagram account was hacked in this incident, first change your password to one that is long and unique, then enable two-factor authentication immediately. Check recent login activity and connected apps in Instagram’s security settings and revoke access for any devices or services you do not recognise. Review your direct messages and profile details for signs of tampering or data theft. Beyond individual steps, the breach points to a broader issue: when AI systems are built into security-critical workflows such as account recovery, basic safeguards such as strict verification that the supplied email matches the one on file, rate limiting on reset requests, and human review of unusual cases are essential. The Meta AI security flaw shows that a convenience feature becomes a powerful attack tool when input validation is weak. Any future account recovery chatbot must treat identity checks as a hard boundary, not a suggestion.
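To make the flaw described in the exploitation and remediation sections concrete, here is an added example written for this article; it is not Meta’s code, which is not public. It shows a minimal password-reset request handler in the vulnerable shape the notice describes (the only gate is a region match, and the link goes to whatever address the requester typed) next to a hardened version that compares the supplied address against the one on file, delivers only to the stored address, rate limits requests, returns a uniform response, and can revoke every outstanding link. The account table, region tags, limits and in-memory token store are all hypothetical stand-ins for real backend services.

```python
import hmac
import secrets
import time
from collections import defaultdict

# Constructed sample account store for this example (hypothetical data):
# username -> (email on file, home region of the account)
ACCOUNTS = {
    "victim": ("victim@example.com", "EU"),
    "alice": ("alice@example.com", "US"),
}

RESET_TTL_SECONDS = 15 * 60


def normalize_email(email: str) -> str:
    """Canonicalise an address before comparing: strip whitespace, lowercase."""
    return email.strip().lower()


class ResetTokenStore:
    """Single-use reset tokens mapped to (username, expiry). In-memory stand-in."""

    def __init__(self):
        self._tokens = {}

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (username, time.time() + RESET_TTL_SECONDS)
        return token

    def redeem(self, token: str):
        """Return the username for a live token and consume it; None if unknown or expired."""
        entry = self._tokens.pop(token, None)
        if entry is None or entry[1] < time.time():
            return None
        return entry[0]

    def invalidate_all(self) -> int:
        """Revoke every outstanding link (the remediation step for links already issued)."""
        count = len(self._tokens)
        self._tokens.clear()
        return count


class VulnerableRecovery:
    """Mirrors the reported flaw: the only gate is a region match, and the link
    goes to whatever address the requester typed, not the address on file."""

    def __init__(self, tokens: ResetTokenStore):
        self.tokens = tokens

    def request_reset(self, username, claimed_email, client_region):
        account = ACCOUNTS.get(username)
        if account is None:
            return None
        stored_email, home_region = account
        if client_region != home_region:
            return None
        # BUG: stored_email is never compared with claimed_email, and the
        # destination is attacker-controlled.
        return {"sent_to": claimed_email, "token": self.tokens.issue(username)}


class HardenedRecovery:
    """Hardened form: the link is only ever sent to the address on file, the
    supplied address must match it (constant-time compare), requests are rate
    limited per account, and every response is identical so the caller learns
    nothing about which check failed."""

    GENERIC = "If the details match an account, a reset link has been sent."

    def __init__(self, tokens: ResetTokenStore, max_per_window=3, window_seconds=3600):
        self.tokens = tokens
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self._attempts = defaultdict(list)
        self.outbox = []  # (destination, token) pairs "sent"; stands in for a mailer

    def _rate_limited(self, key, now):
        recent = [t for t in self._attempts[key] if now - t < self.window_seconds]
        self._attempts[key] = recent
        if len(recent) >= self.max_per_window:
            return True
        recent.append(now)
        return False

    def request_reset(self, username, claimed_email, client_region, now=None):
        now = time.time() if now is None else now
        if self._rate_limited(username, now):
            return self.GENERIC
        account = ACCOUNTS.get(username)
        if account is None:
            return self.GENERIC
        stored_email, home_region = account
        if client_region != home_region:
            return self.GENERIC
        claimed = normalize_email(claimed_email).encode()
        stored = normalize_email(stored_email).encode()
        if not hmac.compare_digest(claimed, stored):
            return self.GENERIC
        # Deliver only to the stored address, never to the caller's input.
        self.outbox.append((stored_email, self.tokens.issue(username)))
        return self.GENERIC
```

Run against the sample store, `VulnerableRecovery.request_reset("victim", "attacker@evil.example", "EU")` hands the attacker a valid token for `victim`, while the same call on `HardenedRecovery` leaves the outbox empty and returns the same generic message as a legitimate request would. The design point is that the hardened handler never uses the caller’s email as a delivery address at all; the comparison exists only to confirm the requester knows the address on file, and even a future bug in that comparison could not redirect the link.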
