Meta AI Support Flaw Allowed Hackers to Hijack Thousands of Instagram Accounts

By Aayush

Aayush is a B.Tech graduate and the talented administrator behind AllTechNerd. A tech enthusiast who writes mostly about technology, blogging and digital marketing. Professional skilled in...

Meta has confirmed that more than 20,000 Instagram accounts were compromised after attackers exploited a vulnerability in the company’s AI-powered support system, raising fresh concerns about the security of automated customer service tools.

The incident, which affected both ordinary users and several high-profile accounts, involved hackers manipulating Meta’s AI Support Assistant to gain unauthorised access to Instagram profiles through a simplified password reset process.

AI Support Tool Exploited for Account Takeovers

According to reports, attackers discovered a flaw in the AI-driven support system that allowed them to modify account recovery information without proper ownership verification.

The method was alarmingly straightforward. Cybercriminals initiated a password reset request and selected Meta’s AI Support Assistant as the recovery option. They then instructed the chatbot to add a new email address to the targeted account.

The system allegedly accepted the request without requiring the attacker to be logged into the account or complete additional identity checks. Once the new email address was added, a verification code was sent to the attacker-controlled inbox, enabling them to reset the password and seize control of the account.

The process also forced legitimate account owners to be signed out of their devices, effectively locking them out.

Security researchers described the exploit as a significant breakdown in authentication safeguards, particularly given the sensitive nature of account recovery systems.
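
The missing control described above can be modelled in a few lines. The following is an added illustration, not Meta's code: it puts a handler that changes a recovery email on request beside one that first requires proof of ownership, and every name in it (`Account`, `Requester`, the handler functions, the sample addresses and tokens) is a constructed assumption.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class Account:
    emails: Set[str]                                  # recovery contacts on file
    sessions: Set[str] = field(default_factory=set)   # active login tokens

@dataclass
class Requester:
    """Facts the support backend has verified; never text typed into the chat."""
    session_token: Optional[str] = None    # present only when logged in
    proven_contact: Optional[str] = None   # contact that passed a code challenge

class Denied(Exception):
    pass

def add_email_unchecked(acct: Account, who: Requester, email: str) -> None:
    # Behaviour the article describes: the request is honoured as asked.
    acct.emails.add(email)

def owns(acct: Account, who: Requester) -> bool:
    if who.session_token is not None and who.session_token in acct.sessions:
        return True
    return who.proven_contact is not None and who.proven_contact in acct.emails

def add_email_checked(acct: Account, who: Requester, email: str) -> None:
    # The gate lives in the tool handler, so no prompt wording can skip it.
    if not owns(acct, who):
        raise Denied("ownership not proven; recovery contact unchanged")
    acct.emails.add(email)

def reset_code_delivered(acct: Account, email: str) -> bool:
    # A reset code is only sent to a contact that is on file.
    return email in acct.emails

def recovery_flow(handler, who: Requester, email: str) -> bool:
    """Run one assistant tool call, then report whether `email` can get a reset code."""
    acct = Account(emails={"owner@example.com"}, sessions={"tok-owner"})  # constructed
    try:
        handler(acct, who, email)
    except Denied:
        pass
    return reset_code_delivered(acct, email)

if __name__ == "__main__":
    stranger = Requester()                          # no session, nothing proven
    owner = Requester(session_token="tok-owner")
    print(recovery_flow(add_email_unchecked, stranger, "new@example.net"))
    print(recovery_flow(add_email_checked, stranger, "new@example.net"))
    print(recovery_flow(add_email_checked, owner, "new@example.net"))
```

The ownership decision is made from state the backend has verified itself (a live session or a code challenge to an existing contact), so the assistant can relay a request but cannot authorise it.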

High-Profile Accounts Among Victims

Several notable Instagram accounts were reportedly affected during the campaign.

Among the compromised profiles were an account associated with the former White House administration and an account linked to senior leadership within the U.S. Space Force. Security researcher Jane Wong also publicly stated that her Instagram account was taken over through the exploit.

The incident quickly attracted attention within the cybersecurity community due to the ease with which attackers were able to bypass standard account protection measures.

More Than 20,000 Accounts Impacted

Meta has since disclosed that approximately 20,225 Instagram accounts were affected by the vulnerability. While the company noted that a small number of account recovery requests may have been legitimate, it believes the vast majority were the result of unauthorized activity.

Attackers potentially gained access to a broad range of personal information stored within compromised accounts. Depending on the account and user activity, exposed data may have included profile details, email addresses, phone numbers, dates of birth, direct messages, published content, interaction histories and account activity records.

Meta Disables Vulnerable System

In response to the incident, Meta has disabled the affected support functionality while engineers work to strengthen its security controls.

The company said all password reset links generated through the exploit have been invalidated, preventing further misuse of the vulnerability.

Additionally, affected accounts have been placed into mandatory security review processes, with passwords reset as a precautionary measure. Meta has also begun notifying impacted users and providing guidance on securing their accounts.

Growing Scrutiny of AI-Powered Support Systems

The breach highlights the growing security challenges facing companies as artificial intelligence becomes increasingly integrated into customer support and account management systems.

While AI assistants are designed to streamline user interactions and reduce support workloads, cybersecurity experts have repeatedly warned that inadequate verification mechanisms can create opportunities for abuse.

The Instagram incident is likely to intensify industry discussions around the balance between automation, convenience and account security, particularly when AI systems are granted authority over sensitive functions such as password recovery and identity verification.

Meta has not disclosed whether any additional safeguards will be introduced before the support tool is restored, but the company says the feature will remain unavailable until the underlying vulnerability has been fully addressed.
