Meta plugs Instagram AI recovery loophole

Meta has disabled an AI-assisted Instagram account recovery tool after attackers exploited a verification flaw that allowed unauthorised password resets and likely led to the takeover of 20,225 accounts.

The vulnerability, tied to Meta’s High Touch Support system, exposed a sharp risk in the company’s push to automate sensitive user-support functions. The tool was meant to help locked-out users regain access by sending password reset links. A faulty code path failed to confirm that the email address supplied during recovery matched the email linked to the Instagram account, allowing attackers to route reset links to addresses they controlled.
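The missing check the article describes, shown as an added illustration rather than Meta's code: a recovery handler that mails the reset link to whatever address the requester types, beside a hardened version that only ever sends to the address already on file and gives the same answer whether or not the account or address is right. The account store, usernames and addresses are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed stand-in for the platform's user database (hypothetical data).
ACCOUNTS = {
    "example_user": {"email": "owner@example.com"},
}

GENERIC_REPLY = "If that account and address match, a reset link has been sent."


@dataclass
class Outbox:
    """Records (recipient, token) pairs so the routing can be inspected."""
    sent: list = field(default_factory=list)


def recover_unsafe(username, supplied_email, outbox):
    """Flawed flow: the requester's address is never compared with the address
    linked to the account, so the reset link goes wherever the requester asks."""
    if username not in ACCOUNTS:
        return GENERIC_REPLY
    token = secrets.token_urlsafe(32)
    outbox.sent.append((supplied_email, token))  # user-controlled recipient
    return GENERIC_REPLY


def recover_hardened(username, supplied_email, outbox):
    """Hardened flow: the requester must supply the address on file, and the
    link is delivered only to that stored address, never to the typed one.
    Unknown accounts get the same reply and timing-uniform comparison."""
    account = ACCOUNTS.get(username)
    on_file = account["email"] if account else "\x00"  # dummy keeps timing uniform
    matches = hmac.compare_digest(
        supplied_email.strip().lower().encode(),
        on_file.strip().lower().encode(),
    )
    if account is None or not matches:
        return GENERIC_REPLY
    token = secrets.token_urlsafe(32)
    outbox.sent.append((on_file, token))  # recipient comes from the record
    return GENERIC_REPLY
```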

The breach came to light after a wave of account hijackings affected both ordinary users and high-profile profiles, including the dormant Obama White House Instagram account, beauty retailer Sephora and a senior US Space Force official. Some compromised accounts were briefly defaced, while others appeared to have been targeted for resale, brand abuse or handle theft.

Meta has said the issue was resolved on June 1 and that affected accounts were being secured. The company removed the flawed code, disabled the AI-assisted support function, invalidated manipulated password reset links and enrolled affected users in enhanced security measures. The company has also said it has no evidence that personal data was accessed, although account takeovers can expose private messages, contact details, recovery information and identity-linked account settings to attackers once control is gained.

The incident appears to have unfolded over several weeks before being contained. The affected account count was disclosed in a breach filing, which listed 20,225 affected users, including a small number of residents in the US state of Maine. The disclosure places the Instagram episode among the clearest public examples yet of AI-enabled customer support creating a security gap not through a conventional software exploit alone, but through misplaced authority given to an automated recovery workflow.

The attack method was strikingly simple. Instead of breaking into Instagram’s core systems, attackers manipulated the support process to associate a target account with a new email address or to trigger reset links outside the proper verification chain. Once a reset link was received, they could change the password and lock out the legitimate user, especially where two-factor authentication had not been enabled.

Cybersecurity specialists have pointed to the incident as a warning for platforms using AI agents in account recovery, payments, identity checks and user moderation. Password resets are among the most sensitive operations on any digital service because they can override existing credentials and security controls. When an automated assistant is allowed to initiate or approve such actions without independent identity checks, it becomes a privileged attack surface.

The breach also comes at a delicate moment for Meta’s broader AI strategy. The company has been investing heavily in artificial intelligence across Facebook, Instagram, WhatsApp, Messenger and its advertising systems, while presenting AI agents as a way to improve support, automate workflows and reduce friction for users. The Instagram case shows the trade-off: faster recovery tools can reduce user frustration, but they also require stronger guardrails when they touch account ownership.

Meta has faced long-standing criticism over limited human support for locked-out users and creators whose accounts are suspended, impersonated or compromised. The AI support assistant was introduced to address part of that gap by handling recovery and reporting tasks at scale. Its failure has now raised questions about whether automation was deployed before sufficient abuse testing, audit logging and manual escalation controls were in place.

The risk is not confined to Meta. Banks, social platforms, telecom operators, e-commerce firms and public-facing services are testing AI assistants for customer verification and support. Security teams are increasingly concerned that attackers will target these systems through social engineering, prompt manipulation and process abuse rather than direct network intrusion. A chatbot that can “take action” on behalf of a platform may become more dangerous than one that merely answers questions.

For Instagram users, the immediate lesson remains practical. Two-factor authentication, preferably through an authenticator app or hardware security key rather than SMS alone, sharply reduces the risk of account takeover after a password reset attempt. Users should review linked email addresses and phone numbers, check active login sessions, revoke suspicious third-party access and avoid sharing recovery codes in any chat interface.