Meta's AI Chatbot Vulnerability Enabled Widespread Instagram Account Hijacking


June 7, 2026 · By Mansa Muhammad

Meta has confirmed that a vulnerability in its AI-assisted account recovery system allowed hackers to hijack Instagram accounts by tricking the company's chatbot. According to a data breach notification filed with Maine's attorney general's office, the company notified at least 20,225 people that their accounts were compromised.

The exploit targeted accounts without two-factor authentication enabled. Hackers used the chatbot to perform password resets by requesting that the system send verification codes to email addresses controlled by the attackers. The chatbot complied with these requests, bypassing the email address on file for the actual account holder. Meta stated that while the tool functioned as intended, a bug in a separate code path failed to verify that the provided email address matched the user's Instagram account.

This breach allowed unauthorized parties to take control of entire Instagram profiles and any linked accounts. The compromise included access to contact information, dates of birth, and profile information. Attackers also gained the ability to view posts, direct messages, and account activity.

The scale of this campaign, which operated for months, highlights a critical failure in the integration of AI agents into sensitive security workflows. When companies deploy LLM-based assistants to handle high-stakes tasks like account recovery, the chatbot becomes a new attack vector. In this instance, the chatbot acted as a functional bridge for hackers to bypass traditional authentication logic.

The incident demonstrates that even if an AI model follows instructions, the underlying system architecture can fail if it does not enforce strict identity verification. For organizations deploying AI in customer-facing roles, the lesson is clear: a chatbot's ability to follow a prompt is no substitute for rigorous, secondary validation of the data being processed.

Assess your organization's AI-driven recovery or authentication workflows for logic gaps that allow user-provided inputs to override established security parameters.
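The logic gap described above, sketched as an added example that is not Meta's code and not part of the original article: the first handler takes the code's destination from the conversation, the second sends only to the address on file. The function names, account schema and `OUTBOX` mail stub are hypothetical, and the sample account is constructed.

```python
import secrets

# Constructed account store (hypothetical schema): username -> record.
ACCOUNTS = {
    "alice": {"email": "alice@example.com", "two_factor": False},
}

# Stand-in for the mail service: (recipient, code) tuples.
OUTBOX = []


def _normalize(addr):
    """Compare addresses without regard to case or stray whitespace."""
    return addr.strip().casefold()


def send_code_vulnerable(username, email):
    """Recovery tool with the reported flaw: the destination comes from
    the chat, and nothing ties it to the account being recovered."""
    OUTBOX.append((email, secrets.token_hex(3)))
    return email


def send_code_hardened(username, email=None):
    """Recovery tool that enforces the check outside the model.

    A caller-supplied address is a claim to verify, never a destination.
    Returns the address the code went to, or None if refused.
    """
    account = ACCOUNTS.get(username)
    if account is None:
        return None  # same answer as a mismatch: no account enumeration
    on_file = account["email"]
    if email is not None and _normalize(email) != _normalize(on_file):
        # Mismatch: record it for detection, send nothing anywhere.
        return None
    OUTBOX.append((on_file, secrets.token_hex(3)))
    return on_file


if __name__ == "__main__":
    other = "someone-else@example.net"  # constructed, not on file
    print("vulnerable ->", send_code_vulnerable("alice", other))
    print("hardened   ->", send_code_hardened("alice", other))
    print("hardened   ->", send_code_hardened("alice"))
```

Whatever the model puts in the tool call, the hardened handler decides the recipient from server-side state, so a persuasive prompt cannot redirect the code.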
