Meta AI Chatbot Bug Let Hackers Steal 20,000 Instagram Accounts

Key Takeaways

- A bug in Meta's AI support chatbot allowed hackers to receive password reset links for accounts they didn't own
- 20,225 Instagram accounts were compromised, including high-profile pages like Barack Obama's White House account
- Accounts without two-factor authentication were vulnerable; Meta has since disabled the tool and forced security checkpoints
Meta has confirmed that hackers compromised 20,225 Instagram accounts by exploiting a bug in its AI-powered support chatbot. The flaw allowed attackers to request password resets and have the links sent to their own email addresses instead of the legitimate account holders.
The company disclosed the breach in a notice filed with the state of Maine, first spotted by Bleeping Computer. According to Meta, the AI tool itself worked as designed. The problem was in a separate code path that failed to verify whether the email address requesting a password reset actually belonged to the account owner.
How the Exploit Worked
Meta's High Touch Support chatbot was designed to help users recover their accounts. But the verification flaw created a simple attack path: an attacker could ask the chatbot for a password reset on someone else's account, supply their own email address, and receive a working reset link. For an account without 2FA, that link was all they needed; Meta's filing says accounts with 2FA enabled were not affected. Accounts without 2FA were sitting ducks.
In Meta's own words from the filing: "When an individual provided an email address not previously associated with the account, the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request. This allowed unauthorized third parties to receive a password reset link for accounts they did not own."
According to research findings, attackers also used VPNs so that their requests appeared to originate from the same region as their targets, making them look legitimate to the AI system.
High-Profile Targets Hit
The attack wasn't limited to ordinary users. Several high-profile Instagram accounts were compromised during the window, including former President Barack Obama's old White House account, US Space Force Chief Master Sergeant John F. Bentivegna, and cosmetics retailer Sephora.
The attack first surfaced on May 31st. Meta communications head Andy Stone said the company resolved the issue on June 1st. That's a roughly 24-hour window, but clearly enough time for thousands of accounts to be taken over.
What Data Could Have Been Exposed
Meta says it's "unaware" whether any personal data was actually accessed. But the company acknowledges that account hijackers could have obtained email addresses, phone numbers, birthdates, social media posts, direct messages, profile information, account activity, and connected accounts. That's essentially everything.
The 20,225 figure comes with a caveat. Meta describes it as an "upper bound," noting that some accounts flagged as compromised may have been accessed legitimately. The notice specifically mentions that 30 of the impacted users lived in Maine, which triggered the state disclosure requirement.
Meta's Response
The company has taken several steps to contain the damage. Meta disabled the AI support tool entirely and removed the buggy code path. It invalidated all password reset links generated through the exploit. All potentially impacted accounts were enrolled in a mandatory security checkpoint that requires authentication before any access.
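As an added illustration (this is not Meta's code, and the filing does not describe Meta's implementation), the Python below models the failure quoted under "How the Exploit Worked" beside a hardened reset path, and the cleanup step described here: revoking every link that was delivered to an address not on the account and collecting the affected usernames for a security checkpoint. The accounts, addresses and tokens are constructed, and the class and method names are hypothetical.

```python
# Added example, not Meta's code: a toy password-reset service showing the flaw
# from Meta's filing (reset link sent to an email never associated with the
# account) beside a hardened path, plus revocation of every link sent off-account.
# All accounts, addresses and tokens below are constructed for illustration.
import secrets
from dataclasses import dataclass


def canon(email: str) -> str:
    """Normalise an address so 'Victim@Example.com ' compares equal."""
    return email.strip().lower()


@dataclass
class Account:
    username: str
    emails: set[str]            # addresses already verified on the account
    two_factor: bool = False


@dataclass
class ResetToken:
    value: str
    username: str
    sent_to: str                # where the link was actually delivered
    revoked: bool = False


class ResetService:
    def __init__(self, accounts: list[Account]) -> None:
        self.accounts = {a.username: a for a in accounts}
        self.issued: list[ResetToken] = []

    def _on_account(self, acct: Account, email: str) -> bool:
        return canon(email) in {canon(e) for e in acct.emails}

    def _issue(self, username: str, email: str) -> ResetToken:
        tok = ResetToken(secrets.token_urlsafe(32), username, canon(email))
        self.issued.append(tok)
        return tok

    # The flaw: the delivery address comes straight from the request and is
    # never checked against the account, so anyone can have a link sent to them.
    def request_reset_vulnerable(self, username: str, email: str):
        acct = self.accounts.get(username)
        if acct is None:
            return None
        return self._issue(username, email)      # BUG: email not tied to account

    # Hardened: deliver only to an address already on the account. Unknown user
    # and unassociated address get the same answer, so the endpoint cannot be
    # used to probe which addresses belong to which account.
    def request_reset(self, username: str, email: str):
        acct = self.accounts.get(username)
        if acct is None or not self._on_account(acct, email):
            return None
        return self._issue(username, email)

    def redeem(self, value: str, second_factor_ok: bool = False) -> bool:
        """Consume a link once. A 2FA account still needs its second factor,
        which is why a leaked link alone did not give those accounts up."""
        for tok in self.issued:
            if secrets.compare_digest(tok.value, value) and not tok.revoked:
                if self.accounts[tok.username].two_factor and not second_factor_ok:
                    return False
                tok.revoked = True
                return True
        return False

    # Incident response: revoke every link that went off-account and return
    # the usernames to route through a security checkpoint.
    def revoke_unassociated(self) -> set[str]:
        affected = set()
        for tok in self.issued:
            acct = self.accounts[tok.username]
            if not self._on_account(acct, tok.sent_to):
                tok.revoked = True
                affected.add(tok.username)
        return affected


def demo() -> dict:
    svc = ResetService([
        Account("victim", {"victim@example.com"}),
        Account("protected", {"p@example.com"}, two_factor=True),
    ])
    attacker = "attacker@evil.example"
    stolen = svc.request_reset_vulnerable("victim", attacker)
    stolen_2fa = svc.request_reset_vulnerable("protected", attacker)
    blocked = svc.request_reset("victim", attacker)
    legit = svc.request_reset("victim", "Victim@Example.com")
    twofa_without_otp = svc.redeem(stolen_2fa.value)   # link alone is not enough
    affected = svc.revoke_unassociated()
    return {
        "stolen_sent_to": stolen.sent_to,
        "blocked": blocked is None,
        "legit_sent_to": legit.sent_to,
        "twofa_without_otp": twofa_without_otp,
        "affected": affected,
        "stolen_redeemable": svc.redeem(stolen.value),
        "legit_redeemable": svc.redeem(legit.value),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened path makes the association check the backend's job, not the chatbot's: whatever front end collects the request, the reset token is only ever delivered to an address already verified on the account, and the reply is identical for an unknown user and an unassociated address so the endpoint cannot be used to enumerate which emails belong to whom.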
“The automation was intended to improve support speed, but it completely bypassed the human verification layers necessary for sensitive account security.”
— Anonymous Cybersecurity Researcher, quoted in Bleeping Computer
The Automation Trade-off
This incident highlights a tension in how tech companies handle customer support. AI chatbots can process requests faster and cheaper than human agents. But security-critical functions like password resets depend on verification checks that have to hold in the backend that issues the reset, however the request arrives; here Meta says the chatbot worked as designed and the check was missing from the code path behind it.
On Hacker News, users expressed frustration over Meta's approach. The consensus: security-critical tasks should never be fully automated without human oversight. Reddit's r/netsec community pointed out the irony of using Meta's own AI to compromise its platform, and debated whether similar bugs might exist in other enterprise support systems.
The incident is a reminder that speed and efficiency gains from AI automation can come with hidden security costs. When the automated system handles account access, a single bug can scale to tens of thousands of compromised accounts before anyone notices.
Logicity's Take
How to Protect Your Account
The single most important defense against this type of attack is two-factor authentication. Meta's filing explicitly states that only accounts without 2FA were vulnerable. If you haven't enabled it on your Instagram account, do it now.
- Enable two-factor authentication in Instagram Settings > Security > Two-factor authentication
- Use an authenticator app rather than SMS, which can be SIM-swapped
- Review your account's login activity regularly for unauthorized access
- Check your email address and phone number in account settings to ensure they haven't been changed
Frequently Asked Questions
How many Instagram accounts were hacked through the Meta AI chatbot?
Meta confirmed 20,225 accounts were compromised, though the company describes this as an "upper bound" since some flagged accounts may have been accessed legitimately.
Were accounts with two-factor authentication affected?
No. Meta's filing specifies that only accounts without two-factor authentication enabled were vulnerable to this exploit.
Has Meta fixed the Instagram chatbot vulnerability?
Yes. Meta disabled the AI support tool on June 1st, 2026, removed the buggy code path, and invalidated all password reset links generated through the exploit.
What personal data could hackers have accessed?
Account hijackers could potentially access email addresses, phone numbers, birthdates, posts, direct messages, profile information, account activity, and connected accounts.
How can I protect my Instagram account from similar attacks?
Enable two-factor authentication using an authenticator app, review your login activity regularly, and verify your account's contact information hasn't been changed.
Huma Shazia
Senior AI & Tech Writer