What the Meta AI Security Flaw Was and Who It Affected
The Meta AI security flaw was a bug in Instagram’s AI-assisted account recovery chatbot that allowed attackers to trigger password reset emails to addresses they controlled, exposing at least 20,225 accounts to hijacking and potential data compromise when two-factor authentication was not enabled. Meta disclosed in a filing to the Attorney General of Maine that hackers had been exploiting the password reset vulnerability in the High Touch Support (HTS) tool since 17 April, but the company did not discover the activity until 31 May. According to Meta’s notice, “the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account.” As a result, this AI-powered account recovery chatbot became a new path for Instagram accounts to be hacked, affecting both everyday users and several high-profile profiles.

How Hackers Turned the Account Recovery Chatbot Into an Attack Tool
Under normal conditions, Instagram’s account recovery chatbot is supposed to email a password reset link only to the rightful owner when they are locked out. In this incident, attackers discovered that initiating recovery requests from an IP address in the same region as the victim’s account was enough to make the system trust the session. They could then instruct the AI support bot to send a password reset link to any email address, including one controlled by the attacker, without triggering Instagram’s usual automated protections. Once that link arrived, the attacker could reset the password and take over the account if the owner had not enabled two-factor authentication. This technique spread through Telegram and other social platforms, turning a support feature into a weaponized account recovery workflow that made hijacking an Instagram account far easier than traditional phishing.
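To make the defect class concrete, here is an added example that is not Meta’s or Instagram’s code: a toy password reset service with the flawed path described above (a same-region request is trusted and the link is mailed to whatever address the requester typed) beside a hardened path that only ever mails the address on file, plus a bulk revocation of links issued through the faulty path, mirroring the containment step of invalidating reset links. All account data, region names and channel names are constructed for the illustration.

```python
"""Added example (not Meta's or Instagram's code): a toy password-reset
service showing the defect class described in the article beside a
hardened version. All accounts, regions and channel names are constructed."""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    email: str   # address on file for this account
    region: str  # coarse geo region the account is normally used from


@dataclass
class ResetRequest:
    username: str
    requested_email: str  # address typed by whoever is asking for recovery
    client_region: str    # region inferred from the requester's IP


@dataclass
class ResetLink:
    token: str
    delivered_to: str
    channel: str          # code path that issued it, e.g. "ai_support"
    revoked: bool = False


@dataclass
class ResetService:
    accounts: dict[str, Account]
    outbox: list[ResetLink] = field(default_factory=list)
    live_tokens: dict[str, ResetLink] = field(default_factory=dict)

    def _issue(self, to: str, channel: str) -> ResetLink:
        link = ResetLink(secrets.token_urlsafe(24), to, channel)
        self.live_tokens[link.token] = link
        self.outbox.append(link)
        return link

    # --- flawed path: the defect class the article describes -----------
    def vulnerable_reset(self, req: ResetRequest) -> ResetLink | None:
        acct = self.accounts.get(req.username)
        if acct is None:
            return None
        # A same-region client is treated as trustworthy, and the address
        # the requester typed is never compared with the one on file.
        if req.client_region != acct.region:
            return None
        return self._issue(req.requested_email, channel="ai_support")

    # --- hardened path --------------------------------------------------
    def hardened_reset(self, req: ResetRequest) -> str:
        acct = self.accounts.get(req.username)
        # Region is a weak, attacker-influenced signal and never substitutes
        # for matching the address on file; the link goes only to that address.
        if acct is not None and _same_address(req.requested_email, acct.email):
            self._issue(acct.email, channel="web_form")
        # Identical reply whether or not the account or address matched, so the
        # flow does not confirm usernames or email addresses to the requester.
        return "If the details match our records, a reset link has been sent."

    def redeem(self, token: str) -> bool:
        link = self.live_tokens.pop(token, None)  # single use
        return link is not None and not link.revoked

    def revoke_channel(self, channel: str) -> int:
        """Invalidate every outstanding link issued via one code path."""
        n = 0
        for link in self.live_tokens.values():
            if link.channel == channel and not link.revoked:
                link.revoked = True
                n += 1
        return n


def _same_address(supplied: str, on_file: str) -> bool:
    """Case-insensitive, constant-time comparison of two email addresses."""
    a = supplied.strip().lower().encode()
    b = on_file.strip().lower().encode()
    return hmac.compare_digest(a, b)


def demo() -> dict[str, object]:
    # Constructed sample data; not real accounts.
    svc = ResetService({"victim": Account("victim", "owner@example.com", "eu-west")})
    attacker = ResetRequest("victim", "attacker@example.net", client_region="eu-west")
    legit = ResetRequest("victim", " Owner@Example.com", client_region="us-east")

    leaked = svc.vulnerable_reset(attacker)   # flawed path mails the attacker
    svc.hardened_reset(attacker)              # hardened path sends nothing
    svc.hardened_reset(legit)                 # hardened path mails the address on file
    revoked = svc.revoke_channel("ai_support")  # containment: kill faulty-path links
    return {
        "vulnerable_sent_to": leaked.delivered_to if leaked else None,
        "hardened_sent_to": [l.delivered_to for l in svc.outbox if l.channel == "web_form"],
        "revoked": revoked,
        "leaked_token_still_works": leaked is not None and svc.redeem(leaked.token),
    }


if __name__ == "__main__":
    print(demo())
```

The point of tagging each link with the channel that issued it is that, when a recovery path turns out to be broken, every outstanding link it produced can be invalidated in one pass without disturbing links issued through paths that are still trusted.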

What Data Was at Risk When Instagram Accounts Were Hijacked
Once attackers used the password reset vulnerability to log in, they gained the same in-app access as the account owner. Meta has said that contact information, direct messages and linked accounts or services may have been exposed. That includes phone numbers, email addresses, dates of birth, private messages, posts, and account activity history stored in the compromised profiles. PCMag reports that the flaw was used by pro-Iranian hackers to briefly control prominent accounts such as the Obama-era White House handle, beauty retailer Sephora, and a senior official in the US Space Force. While Meta notes it is “unaware of what, if any, personal information was accessed,” the realistic worst case is that hijackers could read DMs, impersonate users, scam followers, and connect stolen Instagram accounts to other platforms or email identities to deepen the compromise.

How Meta Responded and What It Changed in the System
Meta says it moved to contain the incident on the same day it confirmed exploitation of the Meta AI security flaw. The company disabled the AI-assisted support tool behind High Touch Support, removing the vulnerable code path from production so the chatbot could no longer bypass email verification checks. Meta also invalidated all password reset links generated through the faulty process, cutting off ongoing hijacking attempts. In its statement to PCMag, Meta said: "We fixed this issue, secured impacted accounts, and restored individuals' access." The company has pledged to fix the bug before relaunching the AI tool, and has informed regulators via formal breach notices. Still, the lag between the first attacks in mid-April and discovery at the end of May shows how AI-driven support systems can quietly introduce serious security gaps before anyone notices.

Steps You Should Take Now and Lessons for Platform Security
If you are worried your Instagram account was hacked through this issue, start by changing your password and enabling two-factor authentication (2FA) immediately. Check the “Login Activity” section in Instagram’s security settings for unknown devices or locations, and log out of any you do not recognise. Review your connected apps and linked accounts, and revoke access for services you do not use. Monitor DMs and posts for messages you did not send, and warn close contacts if anything suspicious appears. From a broader security standpoint, this incident shows that AI-powered support tools are part of the attack surface and must be tested like any other login or account recovery flow. Strong identity checks, regional rules that cannot be abused, and a default expectation that 2FA will be required are key lessons for every platform rolling out automated account recovery chatbots.