Meta AI Chatbot Bug Let Hackers Steal 20,000 Instagram Accounts

Key Takeaways

- A bug in Meta's AI support chatbot allowed hackers to receive password reset links for accounts they didn't own
- 20,225 Instagram accounts were compromised, including high-profile pages like Barack Obama's White House account
- Accounts without two-factor authentication were vulnerable; Meta has since disabled the tool and forced security checkpoints
Meta has confirmed that hackers compromised 20,225 Instagram accounts by exploiting a bug in its AI-powered support chatbot. The flaw allowed attackers to request password resets and have the links sent to their own email addresses instead of the legitimate account holders.
The company disclosed the breach in a notice filed with the state of Maine, first spotted by Bleeping Computer. According to Meta, the AI tool itself worked as designed. The problem was in a separate code path that failed to verify whether the email address requesting a password reset actually belonged to the account owner.
How the Exploit Worked
Meta's High Touch Support chatbot was designed to help users recover their accounts. But the verification flaw created a simple attack path: hackers could ask the chatbot for a password reset, provide their own email address, and receive a working reset link. No two-factor authentication bypass was needed. Accounts without 2FA were sitting ducks.
In Meta's own words from the filing: "When an individual provided an email address not previously associated with the account, the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request. This allowed unauthorized third parties to receive a password reset link for accounts they did not own."
According to research findings, attackers used VPNs to spoof the geographic location of their targets, making the requests appear legitimate to the AI system.
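The missing check described above, as an added example rather than Meta's own code: a minimal password-reset flow in which the flawed path mails the link to whatever address the requester supplies, while the hardened path only mails addresses already associated with the account. The revoke and redeem helpers model the containment step and the 2FA gate the article mentions; Account, ResetLink, OUTBOX and the function names are all assumed for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional
@dataclass
class Account:
    username: str
    emails: set            # addresses already verified as belonging to the account
    twofa_enabled: bool = False

@dataclass
class ResetLink:
    username: str
    sent_to: str
    token: str
    issued_at: float
    revoked: bool = False

OUTBOX = []                # constructed stand-in for the outbound mail system

def _issue(account: Account, to: str) -> ResetLink:
    link = ResetLink(account.username, to, secrets.token_urlsafe(32), time.time())
    OUTBOX.append(link)
    return link

def request_reset_vulnerable(account: Account, requested_email: str) -> ResetLink:
    """Flawed path: the link goes to whatever address the requester supplies."""
    return _issue(account, requested_email)

def request_reset_hardened(account: Account, requested_email: str) -> Optional[ResetLink]:
    """Fixed path: only an address already on the account is ever mailed. Reply with
    the same generic message either way so the response does not confirm addresses."""
    if requested_email.lower() not in {e.lower() for e in account.emails}:
        return None
    return _issue(account, requested_email)

def redeem(link: ResetLink, account: Account, second_factor_ok: bool) -> bool:
    """A link alone is not enough when 2FA is on (why only non-2FA accounts were hit)."""
    if link.revoked or link.username != account.username:
        return False
    return second_factor_ok or not account.twofa_enabled

def revoke_links_issued_between(start: float, end: float) -> int:
    """Containment step from the article: invalidate every link issued in the window."""
    n = 0
    for link in OUTBOX:
        if start <= link.issued_at <= end and not link.revoked:
            link.revoked = True
            n += 1
    return n
```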
High-Profile Targets Hit
The attack wasn't limited to ordinary users. Several high-profile Instagram accounts were compromised during the window, including former President Barack Obama's old White House account, US Space Force Chief Master Sergeant John F. Bentivegna, and cosmetics retailer Sephora.
The attack first surfaced on May 31st. Meta communications head Andy Stone said the company resolved the issue on June 1st. That's a roughly 24-hour window, but clearly enough time for thousands of accounts to be taken over.
What Data Could Have Been Exposed
Meta says it's "unaware" whether any personal data was actually accessed. But the company acknowledges that account hijackers could have obtained email addresses, phone numbers, birthdates, social media posts, direct messages, profile information, account activity, and connected accounts. That's essentially everything.
The 20,225 figure comes with a caveat. Meta describes it as an "upper bound," noting that some accounts flagged as compromised may have been accessed legitimately. The notice specifically mentions that 30 of the impacted users lived in Maine, which triggered the state disclosure requirement.
Meta's Response
The company has taken several steps to contain the damage. Meta disabled the AI support tool entirely and removed the buggy code path. It invalidated all password reset links generated through the exploit. All potentially impacted accounts were enrolled in a mandatory security checkpoint that requires authentication before any access.
“The automation was intended to improve support speed, but it completely bypassed the human verification layers necessary for sensitive account security.”
— Anonymous Cybersecurity Researcher, quoted in Bleeping Computer
The Automation Trade-off
This incident highlights a tension in how tech companies handle customer support. AI chatbots can process requests faster and cheaper than human agents. But security-critical functions like password resets require verification that AI systems can fail to perform correctly.
On Hacker News, users expressed frustration over Meta's approach. The consensus: security-critical tasks should never be fully automated without human oversight. Reddit's r/netsec community pointed out the irony of using Meta's own AI to compromise its platform, and debated whether similar bugs might exist in other enterprise support systems.
The incident is a reminder that speed and efficiency gains from AI automation can come with hidden security costs. When the automated system handles account access, a single bug can scale to tens of thousands of compromised accounts before anyone notices.
Logicity's Take
How to Protect Your Account
The single most important defense against this type of attack is two-factor authentication. Meta's filing explicitly states that only accounts without 2FA were vulnerable. If you haven't enabled it on your Instagram account, do it now.
- Enable two-factor authentication in Instagram Settings > Security > Two-factor authentication
- Use an authenticator app rather than SMS, which can be SIM-swapped
- Review your account's login activity regularly for unauthorized access
- Check your email address and phone number in account settings to ensure they haven't been changed
Frequently Asked Questions
How many Instagram accounts were hacked through the Meta AI chatbot?
Meta confirmed 20,225 accounts were compromised, though the company describes this as an "upper bound" since some flagged accounts may have been accessed legitimately.
Were accounts with two-factor authentication affected?
No. Meta's filing specifies that only accounts without two-factor authentication enabled were vulnerable to this exploit.
Has Meta fixed the Instagram chatbot vulnerability?
Yes. Meta disabled the AI support tool on June 1st, 2026, removed the buggy code path, and invalidated all password reset links generated through the exploit.
What personal data could hackers have accessed?
Account hijackers could potentially access email addresses, phone numbers, birthdates, posts, direct messages, profile information, account activity, and connected accounts.
How can I protect my Instagram account from similar attacks?
Enable two-factor authentication using an authenticator app, review your login activity regularly, and verify your account's contact information hasn't been changed.
Huma Shazia
Senior AI & Tech Writer