Meta AI chatbot hack exposed Instagram recovery flaw

Meta AI chatbot hack reports show attackers abused Instagram account recovery, forcing Meta to patch an AI support workflow.

By Reza Khalil

Hackers reportedly used Meta’s AI support chatbot to change recovery details on Instagram accounts, turning a support shortcut into a live account-takeover risk. Ars Technica reported that attackers persuaded the system to reset linked email addresses, giving them a route into accounts they did not own.

Account recovery is a difficult place to automate safely. A password reset, email change or support override can become the real key to an account, particularly when a high-value Instagram profile can be sold or used for fraud. For Australian businesses, creators and agencies that rely on Meta accounts for customer contact, the warning is narrow but serious: AI support tools need hard guardrails wherever they help decide identity.

Meta said it had fixed the problem. BBC News reported that spokesperson Andy Stone said affected accounts were being secured after the flaw was identified.

“This issue has been resolved and we are securing impacted accounts.”
Andy Stone, Meta, to BBC News

Ars Technica said Meta implemented an emergency patch on 29 May. Its report also said some compromised Instagram accounts were worth hundreds of thousands of dollars on the grey market, a price signal that helps explain why attackers would probe help channels as well as passwords and two-factor authentication codes.

Why the recovery workflow matters

The reported attack path was not a conventional data breach. The available reporting does not show that Instagram passwords leaked from Meta. The risk sat inside a help channel that appeared able to change account details after being persuaded by an attacker. That matters for users and security teams because stronger passwords cannot fix a recovery process that can be socially engineered.

Business Insider reported that Meta launched the AI support assistant in March, and that the incident came as the company was also cutting about 8,000 staff. The timing does not prove the staffing cuts caused the flaw. It does sharpen the operational question for any company replacing support labour with automation: who reviews the edge cases where a bot’s decision can hand over a real account?

Tomas Stamulis, chief security officer at Surfshark, compared the assistant to “an inexperienced employee” in Business Insider’s report. Another security executive, Marijus Briedis, put the control issue more plainly.

“AI should never be the final arbiter of identity.”
Marijus Briedis, quoted by Business Insider

For security teams, the practical concern is not that every support chatbot is unsafe. The concern is whether the tool can act on the same privileged recovery steps that a trained trust-and-safety worker would normally verify. Email resets, identity documents and account ownership disputes are high-friction by design. Lowering that friction can help legitimate users. It can also give attackers a faster script to test, which is why escalation rules matter as much as the chatbot model itself.

Meta’s patch closes the reported weakness, but the broader warning will not stop at Instagram. AI assistants are being pushed into customer support because they can triage requests quickly and cheaply. The Instagram case shows the limit of that argument. When the workflow touches identity recovery, speed is not enough; platforms need logs, human escalation and hard limits on what an automated agent can approve.
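One way to express the "hard limits, human escalation and logs" the paragraph above calls for, as an added example that is not Meta's code and does not describe how Meta's assistant is built: an authorization gate that sits between an AI support assistant and any account-changing action. The action names, the Session fields and the verification signals are assumptions; the point is that the chat transcript is never an input to the decision.

```python
"""Policy gate between an AI support assistant and account-mutation actions (illustrative)."""
from dataclasses import dataclass, field
from enum import Enum
import time


class Decision(Enum):
    ALLOW = "allow"
    ESCALATE = "escalate"  # queued for a human trust-and-safety reviewer
    DENY = "deny"


# Hypothetical action names. Anything that changes who controls an account can be
# proposed by the assistant but never executed by it, however persuasive the chat was.
IDENTITY_ACTIONS = {"change_recovery_email", "change_phone", "disable_2fa", "reset_password"}
LOW_RISK_ACTIONS = {"explain_policy", "send_reset_link_to_current_email"}


@dataclass
class Session:
    account_id: str
    # Verification signals the platform established out of band (not from the chat).
    verified_via_current_email: bool = False
    step_up_passed: bool = False


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, session: Session, action: str, decision: Decision, reason: str) -> None:
        self.entries.append({"ts": time.time(), "account": session.account_id,
                             "action": action, "decision": decision.value, "reason": reason})


def authorize(session: Session, action: str, log: AuditLog) -> Decision:
    """Decide whether a bot-proposed action may run; every decision is logged."""
    if action in LOW_RISK_ACTIONS:
        decision, reason = Decision.ALLOW, "low-risk action"
    elif action in IDENTITY_ACTIONS:
        # Hard limit: identity changes are never auto-approved from the support channel.
        # With out-of-band verification they go to a human; without it they are refused.
        if session.verified_via_current_email and session.step_up_passed:
            decision, reason = Decision.ESCALATE, "identity change: human review required"
        else:
            decision, reason = Decision.DENY, "identity change without out-of-band verification"
    else:
        decision, reason = Decision.DENY, "unknown action"
    log.record(session, action, decision, reason)
    return decision
```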

Reza Khalil

Cybersecurity reporter covering breaches, threat intel, and the ACSC beat. Former incident responder. Reports from Canberra.