What Happened: An AI Chatbot Turned Into an Account Takeover Tool
This incident is an AI chatbot vulnerability in which Meta’s automated support assistant for Instagram was tricked by attackers into changing account email addresses and enabling password resets, turning a help feature into a direct path for account hijacking that bypassed traditional checks such as email access, phone verification, or knowledge of the current password. Reports on Reddit, X, and other platforms described an “Instagram account hacked” wave affecting both forgotten and high‑profile accounts, including the Obama‑era White House handle and the account of U.S. Space Force Chief Master Sergeant John Bentivegna. Attackers did not need malware or phishing sites. They interacted with Meta’s own AI support system, which was treated as a trusted internal tool. Once they convinced it that they were the rightful owner, the bot helped them attach a new email, send a verification code, and present a password reset option that locked real users out.

How the Password Reset Exploit Worked Step by Step
The core password reset exploit was social engineering against Meta’s AI, not against the user. Attackers often began by using a VPN to appear near the victim’s location, sidestepping Instagram’s location‑based risk checks. Then they opened a chat with Meta’s AI support assistant and claimed to own the target account. They requested that the bot add a new email address the attacker controlled. The AI responded by sending a verification code to that email. The attacker read the code back into the chat, and the bot accepted it as proof of ownership. From there, the interface exposed a “Reset Password” button tied to the compromised account. One new password later, the attacker had full access, even when two‑factor authentication was enabled, because control of the primary email allowed them to intercept or disable further security prompts.

Why Meta’s First Fix Failed: A UI Patch on a Live Backend
After videos of the exploit spread, Meta said the “issue has been resolved,” but users kept reporting “Instagram account hacked” cases. Security researchers and developers argue the first fix focused on the surface: Meta removed the visible “Get Support” button that launched the AI flow, while the underlying API endpoints powering email changes and password resets stayed reachable. This meant attackers who knew the right prompts or endpoints could still abuse the same backend logic. According to Android Authority, some developers claim Meta “only removed frontend access to the hack while leaving the backend intact,” allowing account hijackings to continue even after the public statement. Reverse engineer Jane Manchun Wong and Meta product leader Esther Crawford both reported that short, desirable handles on their secondary accounts were compromised after Meta’s initial patch, underscoring that the vulnerability was not fully contained.

An AI Assistant With Too Much Power and Too Few Limits
Security experts compared Meta’s assistant to an inexperienced employee suddenly placed in charge of sensitive account recovery. It had high‑level permissions to change account emails and trigger password resets but lacked strict rules about when those actions were allowed. This mismatch between authority and safeguards created a Meta AI security flaw that attackers could probe with text prompts. Jake Moore of ESET warned that platforms have prioritized AI features over user security, which leaves “criminals and hackers” able to take advantage of them. Tom Van de Wiele of Hacker Minded said Meta deployed a global AI support agent without hard constraints on what the AI could access or modify. When AI systems with such privileges are not tightly constrained, attackers can manipulate them to bypass security protocols that would be harder to defeat in a traditional, rules‑based support workflow.
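The missing constraint can be made concrete. The following is an added illustration, not code from Meta’s systems: a policy gate that sits between an AI support agent and its account-recovery tools and refuses to count a code sent to a just-added contact as proof of ownership. Tool names, factor names, and verification codes are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Factor(Enum):
    EXISTING_EMAIL = "existing_email"      # code to the email already on file
    CURRENT_PASSWORD = "current_password"
    NEW_CONTACT = "new_contact"            # code to a contact added this session

# NEW_CONTACT is deliberately absent: a code read back from an address the
# caller supplied a minute ago proves nothing about ownership.
STRONG_FACTORS = {Factor.EXISTING_EMAIL, Factor.CURRENT_PASSWORD}
SENSITIVE_TOOLS = {"add_email", "reset_password"}  # hypothetical tool names

@dataclass
class RecoverySession:
    account_id: str
    verified: set = field(default_factory=set)  # factors proven so far
    audit: list = field(default_factory=list)   # every gate decision, for review

def record_code_check(session, channel_preexisting, code, expected):
    """Classify a correct code by where it was sent; a wrong code proves nothing."""
    if code != expected:
        return None
    factor = Factor.EXISTING_EMAIL if channel_preexisting else Factor.NEW_CONTACT
    session.verified.add(factor)
    return factor

def authorize(session, tool):
    """Gate a tool call the agent requests; the agent's own judgement never counts."""
    if tool not in SENSITIVE_TOOLS:
        decision = (True, "non-sensitive tool")
    elif session.verified & STRONG_FACTORS:
        decision = (True, "pre-existing factor verified")
    else:
        decision = (False, "no pre-existing factor verified")
    session.audit.append((session.account_id, tool) + decision)
    return decision

def attacker_flow():
    """Reported sequence with constructed codes: code to a new email, then a reset."""
    s = RecoverySession("victim")
    add_ok, _ = authorize(s, "add_email")              # denied: nothing verified yet
    record_code_check(s, False, "482913", "482913")    # at best yields NEW_CONTACT
    reset_ok, _ = authorize(s, "reset_password")       # still denied
    return add_ok, reset_ok, s.audit

def owner_flow():
    """Legitimate owner: a code to the email already on file unlocks the reset."""
    s = RecoverySession("owner")
    record_code_check(s, True, "173005", "173005")
    return authorize(s, "reset_password")[0]
```

The audit list gives a detection hook: repeated denials of `reset_password` for one account within a short window are the signal a support team would want to alert on.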

What Users Should Do If Their Instagram Account Was Hacked
Meta has begun emailing users it believes were affected, securing some accounts and sending password reset notifications. Still, people worried about having their Instagram account hacked should not wait for an alert. First, run a password reset on Instagram using your known email or phone, and choose a strong, unique password that you do not reuse elsewhere. Next, confirm that your primary email and phone number are correct under account settings, and re‑enable two‑factor authentication with an authenticator app instead of SMS where possible. Review recent login activity and remove any unfamiliar devices. If you lose access, use Instagram’s in‑app recovery, avoiding any external “recovery services” that could be scams. Finally, be cautious of any Meta AI support flows that offer to override security steps too easily; the incident shows how AI‑driven help channels can be abused when their power is not carefully limited.