Just over a week ago, Meta’s AI‑driven chat assistant unintentionally handed hackers access to thousands of Instagram accounts, including high‑profile profiles such as makeup retailer Sephora, the senior non‑commissioned officer of the U.S. Space Force, and even Barack Obama’s White House account.
The precise count was later disclosed in a filing with the Maine attorney general’s office, revealing a total of 20,225 compromised accounts (30 of which belonged to Maine residents).
The breach, reported by 404 Media last week, was straightforward to execute against users who had not activated two‑factor authentication. Hackers simply instructed the AI bot to change the email address associated with a target account to one they controlled. Once the change was approved, they requested a password reset, prompting the AI to dispatch a verification code to the newly set email. After confirming the reset, the attackers gained full control of the account.
An edited step‑by‑step video of the exploit surfaced on X, showing the hackers using a VPN to appear as if they were located where the target resided. At no point did they need the victim’s original email address or password.
In a notification letter to Maine Attorney General Aaron Frey dated June 5, Meta acknowledged “a vulnerability in the AI‑assisted account recovery system for Instagram … that was exploited by unauthorized third parties to perform password resets on Instagram user accounts.”
Following the public disclosure, numerous Instagram users posted on Reddit and X that their accounts had been taken over, though the full scope of the hack was unclear at the time. A Meta spokesperson later confirmed on X that the flaw had been patched as of June 1, shortly after the initial reports.
How did AI enable the breach?
The root cause lies largely in Meta’s decision to shift customer support to an AI system in March, promising “24/7 help for account issues like updating your password and profile settings.” With the chatbot handling the entire recovery flow, human agents could not intervene when suspicious activity arose, allowing the social‑engineering attack to succeed repeatedly before anyone noticed.
All active sessions on the compromised accounts were forcibly logged out and the original email addresses were reinstated. Affected users were instructed to reset their passwords and re‑authenticate. Meta says a follow‑up notice will be sent once accounts are secured, urging users to enable two‑factor authentication to block future attacks.
Meta has not yet responded to a request for comment.
How to shield yourself from similar exploits
The social‑engineering trick fails against accounts that have multi‑factor authentication enabled. Those accounts receive the one‑time code either in an authenticator app or via SMS. Without MFA, the reset code is sent to the email address on file, which the hackers had simply replaced with one of their own.
The most effective defense is to turn on multi‑factor authentication, available across all Meta platforms. While it isn’t a 100% guarantee, it vastly outperforms reliance on a password alone and would have completely blocked this particular attack.
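As an added illustration (a constructed model, not Meta's or Instagram's code), the recovery flow described above in Python: a support bot that applies an email change on request and then mails the reset code to whatever address is on file, beside a hardened version that only applies the change after confirmation from the old address. Both route the reset code to an authenticator channel when MFA is enabled, which is why MFA accounts were untouched. The class names, sample addresses and the in‑memory `Outbox` are assumptions for the model.

```python
"""Model of an account-recovery flow: an unverified bot beside a hardened one.
Constructed example; not Meta's or Instagram's code."""
from dataclasses import dataclass, field
from typing import Optional
import secrets


@dataclass
class Account:
    username: str
    email: str
    mfa_enabled: bool = False
    pending_email: Optional[str] = None   # used only by the hardened flow
    pending_token: Optional[str] = None


@dataclass
class Outbox:
    """Records (channel, destination, message) so we can see where codes land."""
    sent: list = field(default_factory=list)

    def send(self, channel, dest, msg):
        self.sent.append((channel, dest, msg))

    def last_delivery(self):
        channel, dest, _ = self.sent[-1]
        return channel, dest


def deliver_reset_code(outbox, acct, code):
    """With MFA on, the code goes to the authenticator; otherwise to the email on file."""
    if acct.mfa_enabled:
        outbox.send("authenticator", acct.username, code)
    else:
        outbox.send("email", acct.email, code)


class WeakRecovery:
    """Bot that honours a support request with no proof the requester owns the account."""

    def __init__(self, outbox):
        self.out = outbox

    def change_email(self, acct, new_email):
        acct.email = new_email            # applied immediately, no confirmation
        return True

    def request_reset(self, acct):
        code = secrets.token_hex(3)
        deliver_reset_code(self.out, acct, code)   # lands wherever the email now points
        return code


class HardenedRecovery:
    """Same API, but an email change must be confirmed from the OLD address first."""

    def __init__(self, outbox):
        self.out = outbox

    def change_email(self, acct, new_email):
        token = secrets.token_urlsafe(12)
        acct.pending_email, acct.pending_token = new_email, token
        self.out.send("email", acct.email, f"confirm-change:{token}")  # old address only
        return False                      # nothing changes until confirmed

    def confirm_email_change(self, acct, token):
        if acct.pending_token is None or not secrets.compare_digest(token, acct.pending_token):
            return False
        acct.email, acct.pending_email, acct.pending_token = acct.pending_email, None, None
        return True

    def request_reset(self, acct):
        code = secrets.token_hex(3)
        deliver_reset_code(self.out, acct, code)
        return code


def run_scenario(flow_cls, mfa_enabled):
    """Requester asks the bot to swap the email, then asks for a reset, without
    ever confirming from the old address. Returns (channel, destination) that
    actually received the reset code."""
    outbox = Outbox()
    flow = flow_cls(outbox)
    victim = Account("victim", "owner@example.com", mfa_enabled=mfa_enabled)
    flow.change_email(victim, "attacker@example.net")
    flow.request_reset(victim)
    return outbox.last_delivery()


if __name__ == "__main__":
    for cls in (WeakRecovery, HardenedRecovery):
        for mfa in (False, True):
            print(f"{cls.__name__:18} mfa={mfa!s:5} -> {run_scenario(cls, mfa)}")
```

Running it shows the four cases: the weak flow without MFA mails the code to the newly supplied address, while the hardened flow keeps sending it to the original owner, and with MFA on both flows send it to the authenticator. The one control that matters in the non‑MFA case is that the email change is never applied without a confirmation from the address already on file.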
Additional security measures include using passkeys where supported and employing a private email address for your Instagram login, making it harder for attackers to locate your credentials.