
Meta AI Chatbot Bug Let Hackers Hijack 20,000 Instagram Accounts

theverge.com · @market_structure · 2 hours ago · Cybersecurity · 2 comments

A bug in Meta's AI-powered chatbot let attackers reset passwords without email verification, bypassing two-factor authentication.

Tags: meta, instagram, ai chatbot, account hijacking, cybersecurity, password reset bypass

20,225 Instagram accounts hijacked—not through phishing or credential stuffing, but by asking Meta's own AI support chatbot for a password reset.

Meta confirmed the breach in a notice filed with the state of Maine, first spotted by Bleeping Computer. The company blames a "bug" in a separate code path: the chatbot itself worked correctly, but the system never verified that the email address supplied for a password reset actually matched the email on the account. Attackers simply asked for a reset, provided any email, and gained control without triggering two-factor authentication.

The Bug: Chatbot Password Reset Without Email Check

This isn't a novel social engineering attack. It's a straightforward logic flaw in the integration between Meta's AI chatbot and its account recovery backend. When a user asked the chatbot for a password reset, the system accepted the email address from the chat input without cross-referencing it against the account's registered email. That allowed an attacker to supply their own email, receive the reset link, and change the password. Two-factor authentication never fired because the reset request originated from within Meta's own support flow.
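As an added illustration (not Meta's code, which is not public), here is the flawed reset logic the notice describes beside a hardened version that cross-checks the supplied email against the address on file and still honours the second factor; the account store, usernames and the `mfa_code_ok` flag are constructed assumptions.

```python
# Added example: a support-chatbot password-reset handler in its flawed and hardened
# forms. The account store, names and MFA signal below are constructed for
# illustration; none of this is Meta's code.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    username: str
    email: str                 # recovery address registered on the account
    mfa_enabled: bool
    reset_tokens: list = field(default_factory=list)


ACCOUNTS = {  # constructed sample store
    "alice": Account("alice", "alice@example.com", mfa_enabled=True),
}


def issue_reset_token(acct: Account, deliver_to: str) -> str:
    """Mint a reset token. A real system would email it to `deliver_to`."""
    token = secrets.token_urlsafe(32)
    acct.reset_tokens.append(token)
    return token


def flawed_reset(username: str, chat_email: str) -> Optional[str]:
    """Mirrors the described bug: trusts the address typed into the chat, skips MFA."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return None
    # The link goes to whatever address the requester supplied: account takeover.
    return issue_reset_token(acct, chat_email)


def hardened_reset(username: str, chat_email: str, mfa_code_ok: bool) -> Optional[str]:
    """Refuse unless the supplied email matches the registered one and MFA is satisfied."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return None
    supplied = chat_email.strip().lower().encode()
    on_file = acct.email.lower().encode()
    # Constant-time compare; return the same None for mismatch as for unknown user
    # so the chatbot cannot be used to confirm which email belongs to an account.
    if not hmac.compare_digest(supplied, on_file):
        return None
    if acct.mfa_enabled and not mfa_code_ok:
        return None  # a reset started from the support flow still needs the second factor
    return issue_reset_token(acct, acct.email)  # deliver only to the address on file
```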

The scale is substantial: 20,225 confirmed hijacked accounts. Meta hasn't disclosed how many were restored or whether any accounts were used for further abuse before the bug was patched.

20,225 Accounts and Counting

That number—20,225—represents actual confirmed compromises, not just attempted attacks. For context, that's roughly the population of a small town. For Meta, it's a reminder that AI-powered customer support interfaces introduce new attack surfaces that bypass traditional security controls. The chatbot did exactly what it was asked; the failure was in the verification layer that should have blocked the request.

Meta says the bug has been fixed, but the notice doesn't detail when it was introduced or when the exploit was discovered. Filing a notice with the state of Maine is required under data breach notification laws, which means users in that state were affected, but the actual geographic distribution is likely global.

What This Means for AI-Powered Support Systems

Every company rushing to deploy AI chatbots for customer service should read this notice. The vector here wasn't a subtle prompt injection or adversarial attack—it was a missing email check. When you build an automation layer that handles sensitive actions like password resets, you inherit the responsibility to maintain every security check that a human agent would perform. Meta's chatbot dropped one check, and over 20,000 accounts paid the price.

Next time your organization adds an AI chatbot to handle password resets, make damn sure it verifies the email address before handing over the keys.


Source: Hackers likely hijacked over 20,000 Instagram accounts with Meta's AI chatbot
Domain: theverge.com
