Overview of the Security Incident
Meta has confirmed that hackers likely hijacked at least 20,225 Instagram accounts by exploiting a bug in the company's AI-powered support chatbot. The revelation came in a notice filed with the state of Maine, as first spotted by Bleeping Computer. The exploit allowed attackers to bypass two-factor authentication and gain control of accounts simply by requesting a password reset through the chatbot.
How the Exploit Worked
According to Meta's filing, the AI support chatbot functioned as intended, but a bug in a separate code path caused the system to fail to verify that the email address provided by the user requesting a password reset matched the email address associated with the Instagram account. As a result, when an attacker provided an email address not previously linked to the account, the system incorrectly sent a password reset link to that unassociated email. This allowed unauthorized third parties to receive password reset links for accounts they did not own, effectively enabling them to take over the accounts.
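The defect the filing describes is a missing equality check in an account-recovery code path, not a flaw in the chatbot's conversation logic. The following added example (hypothetical code, not Meta's or Instagram's; the account store, usernames, email addresses and log records are all constructed) shows a reset handler with that class of defect next to a hardened one, plus a log check a defender can run to spot reset links that were delivered to an address other than the one registered on the account:

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample account store (illustrative only, not Meta's systems):
# username -> email address registered on the account.
ACCOUNTS = {
    "alice": "alice@example.com",
    "bob": "bob@example.com",
}

GENERIC_RESPONSE = "If that account exists, a reset link has been sent."


def normalize_email(addr: str) -> str:
    """Canonicalise before comparing so case/whitespace differences cannot bypass the check."""
    return addr.strip().lower()


def issue_token() -> str:
    """Mint an unguessable single-use reset token."""
    return secrets.token_urlsafe(32)


def request_reset_vulnerable(username: str, requester_email: str, outbox: list) -> str:
    """Hypothetical handler with the class of defect the article describes.

    The account exists, so a token is minted, but nothing verifies that the
    email the requester supplied is the one on file: the link is delivered to
    whatever address was typed in. outbox receives (destination, token) pairs.
    """
    if username in ACCOUNTS:
        outbox.append((normalize_email(requester_email), issue_token()))
    return GENERIC_RESPONSE


def request_reset_hardened(username: str, requester_email: str, outbox: list) -> str:
    """Hardened handler: the supplied email is used only to confirm a match.

    The link goes to the registered address, never to the requester's input,
    and the response is identical in every case so the endpoint does not
    reveal which usernames or emails exist.
    """
    registered = ACCOUNTS.get(username)
    supplied = normalize_email(requester_email)
    if registered is not None and hmac.compare_digest(
        normalize_email(registered).encode(), supplied.encode()
    ):
        outbox.append((normalize_email(registered), issue_token()))
    return GENERIC_RESPONSE


@dataclass
class ResetEvent:
    """One record of a constructed password-reset audit log."""
    username: str
    sent_to: str


def find_misdirected_resets(events: list) -> list:
    """Detection check: flag reset links delivered to an address that is not the
    one registered on the account. On a correctly behaving system this is empty."""
    flagged = []
    for ev in events:
        registered = ACCOUNTS.get(ev.username)
        if registered is None or normalize_email(registered) != normalize_email(ev.sent_to):
            flagged.append(ev)
    return flagged


if __name__ == "__main__":
    vuln_out, safe_out = [], []
    # Same request through both handlers: a reset for "alice" naming an unrelated address.
    request_reset_vulnerable("alice", "unrelated@example.net", vuln_out)
    request_reset_hardened("alice", "unrelated@example.net", safe_out)
    print("vulnerable handler delivered to:", [to for to, _ in vuln_out])
    print("hardened handler delivered to:", [to for to, _ in safe_out])
    # Constructed audit log: one legitimate delivery, one misdirected delivery.
    log = [ResetEvent("alice", "alice@example.com"),
           ResetEvent("alice", "unrelated@example.net")]
    print("misdirected:", [(e.username, e.sent_to) for e in find_misdirected_resets(log)])
```

The hardened handler never uses the requester's input as a delivery address; it only compares it against the stored address and otherwise ignores it. The audit check is the corresponding detection: any reset notification whose destination differs from the account's registered email is evidence that the equality check was skipped somewhere.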
Timeline and Impact
The attack first surfaced on May 31, 2026. Meta's communications head, Andy Stone, stated that the company resolved the incident on June 1, 2026. During this window, several high-profile Instagram accounts were compromised, including former President Barack Obama's old White House account, the account of US Space Force Chief Master Sergeant John F. Bentivegna, and the Sephora brand account. The breach affected a total of 20,225 accounts, though Meta noted that it is unaware of whether any personal data was accessed as a result of the exploit.
Potential Data at Risk
Meta's filing indicated that account hijackers could have obtained a range of personal information, including email addresses, phone numbers, birthdates, social media posts, direct messages, profile information, account activity, and connected accounts. The company emphasized that it is not aware of any actual data access, but the potential for data exposure remains a concern for affected users.
Meta's Response and Remediation
Meta has since fixed the bug and is working to restore access to compromised accounts. The company has not disclosed whether it will offer additional security measures or compensation to affected users. The incident highlights the risks associated with AI-powered customer support tools and the importance of rigorous testing for security vulnerabilities.
Broader Implications for AI Security
This incident serves as a stark reminder of the potential vulnerabilities in AI systems, particularly when they are integrated with sensitive account management functions. As companies increasingly deploy AI chatbots for customer support, ensuring robust verification mechanisms is critical to prevent similar exploits. Meta's AI chatbot was designed to streamline password resets, but the bug allowed attackers to subvert the intended security checks. The company has not detailed the specific code path that caused the bug, but it has assured users that the issue is resolved.
Advice for Instagram Users
In the wake of this incident, Instagram users are advised to enable two-factor authentication, use strong and unique passwords, and monitor their accounts for suspicious activity. Users should also be cautious when receiving unsolicited password reset emails and report any unauthorized access to Meta immediately. While Meta has resolved the exploit, the company has not announced any mandatory password resets for affected users, so proactive security measures are recommended.
Conclusion
The hijacking of over 20,000 Instagram accounts via Meta's AI chatbot exploit underscores the evolving landscape of cybersecurity threats. As AI becomes more embedded in everyday services, the potential for novel attack vectors increases. Meta's prompt response mitigated the immediate threat, but the incident raises questions about the security of AI-driven support systems. Users and companies alike must remain vigilant to protect against such exploits in the future.
This article is based on reporting by The Verge.
Originally published on theverge.com