AI Support Tool Became A Back Door Into Instagram Accounts
A vulnerability in Meta’s AI-powered support assistant allowed hackers to take over Instagram accounts by manipulating the chatbot into changing account recovery details, exposing weaknesses in the company’s automated customer support system before the issue was patched.
The flaw reportedly enabled attackers to reset passwords and gain access to accounts without ever controlling or accessing the victim’s registered email address.
Instead, hackers allegedly convinced the AI support assistant to replace a target account’s recovery email with one under their control, creating a direct path to a password reset.
Meta has since confirmed the issue has been fixed.
Meta Vice President of Communications Andy Stone wrote on X,
“This issue has been resolved and we are securing impacted accounts.”
The company has not disclosed how many users were affected before the patch was rolled out.
How The Exploit Reportedly Worked
According to reports from security researchers and media outlets, the attack relied more on manipulating the AI support system than exploiting Instagram’s core infrastructure.
Attackers would begin by launching Instagram’s account recovery process while using a virtual private network (VPN) configured to appear as if they were located in the same region as the target account holder.
Meta’s support systems reportedly used location data as one of several trust signals.
By matching the victim’s geographic region, attackers were able to avoid triggering some automated security checks.
The next step involved contacting Meta’s AI support assistant and requesting that a new email address be linked to the target account.
Once the chatbot approved the change, a verification code was sent to the attacker-controlled email address.
Providing that code back to the AI assistant reportedly unlocked a password reset process, allowing the attacker to change account credentials and assume control.
Videos circulating among cybersecurity researchers appeared to demonstrate the process, while some reports claimed attackers were also able to satisfy identity verification requests using AI-generated selfie videos.
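The reported flow treated a matching region and a code sent to a newly supplied address as sufficient to change recovery details. As an added illustration (not Meta's code; every name, signal label and threshold below is hypothetical), this sketch shows a policy gate placed between a support agent and sensitive account actions, where only proof tied to a factor registered before the request counts as ownership.

```python
from dataclasses import dataclass, field

# Hypothetical labels. Proofs tied to a factor registered BEFORE the request began.
OWNERSHIP_PROOFS = {"code_to_existing_email", "code_to_existing_phone",
                    "existing_session", "passkey_assertion"}
SENSITIVE_ACTIONS = {"change_recovery_email", "reset_password"}

@dataclass
class RecoveryRequest:
    action: str
    signals: set = field(default_factory=set)  # context observed by the platform
    proofs: set = field(default_factory=set)   # challenges the requester passed
    recovery_email_age_hours: float = 1e9      # time since recovery email last changed

def authorize(req, cooldown_hours=72):
    """Return (decision, reason) for an action proposed by the support agent."""
    if req.action not in SENSITIVE_ACTIONS:
        return "allow", "not a sensitive action"
    # A code sent to an address the requester just supplied proves control of
    # that address, not of the account, so it is not in OWNERSHIP_PROOFS.
    valid = req.proofs & OWNERSHIP_PROOFS
    if not valid:
        return "deny", "no proof tied to a pre-existing factor"
    # Context can add friction but never substitutes for proof.
    if "geo_matches_account_region" not in req.signals:
        return "escalate", "unfamiliar region; human review"
    if req.action == "reset_password" and req.recovery_email_age_hours < cooldown_hours:
        return "escalate", "recovery email changed recently; human review"
    return "allow", "verified via " + sorted(valid)[0]

# Constructed requests mirroring the reported flow and two owner scenarios.
GEO = {"geo_matches_account_region"}
REPORTED_EMAIL_CHANGE = RecoveryRequest("change_recovery_email", signals=GEO)
REPORTED_RESET = RecoveryRequest("reset_password", signals=GEO,
                                 proofs={"code_to_new_email"})
OWNER_EMAIL_CHANGE = RecoveryRequest("change_recovery_email", signals=GEO,
                                     proofs={"code_to_existing_email"})
OWNER_RESET_AFTER_CHANGE = RecoveryRequest("reset_password", signals=GEO,
                                           proofs={"existing_session"},
                                           recovery_email_age_hours=2)

if __name__ == "__main__":
    for r in (REPORTED_EMAIL_CHANGE, REPORTED_RESET,
              OWNER_EMAIL_CHANGE, OWNER_RESET_AFTER_CHANGE):
        print(r.action, sorted(r.proofs), "->", authorize(r))
```

The gate runs outside the model, so the assistant can propose an action but cannot be talked into approving it.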
High-Profile Accounts Draw Attention To The Vulnerability
The flaw gained wider attention after several notable Instagram accounts were reportedly compromised.
Among them was a verified Instagram account used by the White House during the administration of former US President Barack Obama, which reportedly still has more than 2.4 million followers.
Reports claimed the account briefly published pro-Iran content before access was restored.
Other affected accounts reportedly included beauty retailer Sephora, the Instagram account of Chief Master Sergeant of the United States Space Force John Bentivegna, as well as several highly sought-after "OG" Instagram usernames that can command substantial prices in underground markets.
Security researcher and former Meta employee Jane Manchun Wong also said she was affected by the incident.
She wrote on X,
"The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday."
"Quite concerning."
In a separate post on X, she wrote that her Instagram password had been "changed without my knowledge" while she continued receiving repeated password reset attempts.
Telegram Communities Had Been Tracking The Technique For Months
Reports indicate evidence of the exploit had been circulating long before Meta publicly acknowledged the problem.
Cybersecurity researchers and members of hacking-focused Telegram channels reportedly shared screenshots, videos and discussions detailing the technique.
According to 404 Media, conversations about the flaw could be traced back to March, around the same time Meta expanded its AI support assistant across Facebook and Instagram.
The rollout gave the chatbot authority to perform sensitive account-related actions, including password recovery and account maintenance tasks that were traditionally handled through stricter verification procedures.
As more account takeovers emerged, researchers began connecting the incidents to the AI support system.
Users Question Lack Of Human Support
The incident has also reignited debate over the growing reliance on AI-powered customer service tools.
Several affected users said they struggled to find a way to contact a human support representative after losing access to their accounts.
One user wrote on X:
“We're at the point where one AI stole it and another can't fix it, zero humans in the loop anywhere.”
Meta's support pages promote the AI assistant as a tool capable of taking direct action on behalf of users, including helping with password resets and account recovery.
Critics argue that when AI systems are granted authority over sensitive security functions, errors can become far more consequential than simple customer service mistakes.
Marijus Briedis, chief technology officer at NordVPN, said AI support tools can become dangerous when they are given excessive privileges without sufficient safeguards.
“When AI chatbots have too much authority and too little verification, they can become a serious security risk.”
He added that account recovery remains one of the most sensitive functions on any online platform and should not prioritise convenience over identity verification.
Can AI Be Trusted With The Keys To Digital Identity?
Coinlive believes the Instagram incident raises a larger question that extends far beyond Meta.
As AI systems move from answering questions to making decisions and performing account-level actions, the line between assistant and gatekeeper becomes increasingly blurred.
Automation can reduce friction and speed up support, but every new responsibility handed to AI also creates a new point of failure.
The challenge for technology companies is no longer whether AI can perform these tasks, but whether enough safeguards exist when it gets them wrong.