
Meta AI Chatbot Exploited to Hijack 20,000+ Instagram Accounts

A bug allowed attackers to request password resets sent to unauthorized email addresses by simply asking Meta's support bot.

Omega Editorial· June 8, 2026· 2 min read

Meta has disclosed that attackers exploited its AI-powered support chatbot to compromise at least 20,225 Instagram accounts, according to a data breach notification filed with the state of Maine.

The vulnerability allowed unauthorized parties to hijack accounts without needing two-factor authentication credentials. Attackers simply requested password resets through the AI chatbot, which then sent reset links to email addresses the hackers controlled rather than the legitimate account owners.

How the exploit worked

Meta attributed the security failure to what it called a "bug in a separate code path." While the AI support tool itself functioned as designed, the underlying system failed to verify that the email address provided during a password reset request matched the email associated with the target Instagram account.

When attackers supplied an unauthorized email address, the system incorrectly processed the request and sent the password reset link to that unassociated address instead of rejecting it. This allowed complete account takeovers without the victim's knowledge or consent.
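As an added illustration (not Meta's code; the account data, the mail outbox and the audit log are constructed), here is a reset handler with the flaw described above beside a hardened version that never honours a caller-supplied destination and records mismatches as a detection signal:

```python
from dataclasses import dataclass
import secrets


@dataclass
class Account:
    username: str
    email: str  # address of record: the only legitimate reset destination


# Constructed sample data; the lists stand in for a mail service and an audit log.
ACCOUNTS = {"victim": Account("victim", "owner@example.com")}
OUTBOX: list[tuple[str, str]] = []  # (recipient, reset token)
AUDIT: list[dict] = []


def vulnerable_reset(username: str, requested_email: str) -> str:
    """The 'separate code path' flaw: the destination is whatever the caller
    (here the support bot, relaying what the user typed) passes in, and it is
    never compared with the address on file."""
    account = ACCOUNTS[username]
    token = secrets.token_urlsafe(32)
    OUTBOX.append((requested_email, token))  # attacker-controlled recipient
    return "reset link sent"


def hardened_reset(username: str, requested_email: str, actor: str) -> str:
    """A link is sent only when the supplied address matches the record, and
    only to the address of record. The caller gets the same reply in every
    case (no account or address oracle), but a mismatch is audited: a burst
    of mismatches arriving via the bot channel is the signal that would have
    surfaced a campaign like the one described in the article."""
    account = ACCOUNTS.get(username)
    if account is not None:
        if requested_email.casefold() != account.email.casefold():
            AUDIT.append({"event": "reset_email_mismatch", "username": username,
                          "supplied": requested_email, "via": actor})
        else:
            OUTBOX.append((account.email, secrets.token_urlsafe(32)))
    return "if the details match an account, a reset link has been sent"
```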

Timeline and impact

The attack campaign began on May 31st, according to Meta's filing. The company resolved the vulnerability on June 1st, Meta communications head Andy Stone confirmed. Despite the brief window, the exploit affected several high-profile accounts, including former President Barack Obama's archived White House Instagram account, US Space Force Chief Master Sergeant John F. Bentivegna, and beauty retailer Sephora.

Meta stated it remains "unaware" whether attackers accessed personal data from the compromised accounts. However, the company acknowledged that hijackers could have potentially obtained email addresses, phone numbers, birth dates, social media posts, direct messages, profile information, account activity logs, and information about connected accounts.

The breach notification indicated that 30 of the affected users resided in Maine, triggering the state's disclosure requirements.

Why it matters

This incident exposes a critical blind spot in AI-powered customer service systems. As companies increasingly deploy chatbots to handle sensitive account operations like password resets, they must ensure these AI interfaces cannot bypass fundamental security controls. The vulnerability demonstrates that AI tools can create new attack surfaces even when the AI itself operates correctly—the risk lies in how these systems integrate with existing security infrastructure. For enterprises deploying AI assistants with account management capabilities, this breach underscores the need for rigorous verification layers that cannot be circumvented through conversational interfaces.

The details were first reported by The Verge, with the breach notification originally spotted by Bleeping Computer.


This is an original analysis by the Omega editorial team. Source reporting: AI Watch.
