Meta's AI support bot exposes 20,000 Instagram accounts through password reset flaw

A flaw in Meta's AI support chatbot let hackers reset passwords for 20,225 Instagram accounts without verifying email ownership. Accounts with two-factor authentication were not compromised; Meta has disabled the tool pending a fix.

Published on: Jun 11, 2026

Meta's AI Support Bot Compromised 20,000 Instagram Accounts

Meta's automated customer support system contained a verification flaw that allowed hackers to reset passwords for 20,225 Instagram users without confirming their email addresses. The company disabled the High Touch Support chatbot after discovering the bug, reset passwords for affected accounts, and forced users through mandatory re-authentication.

How the Attack Worked

The High Touch Support system, an AI-assisted chatbot designed to help users recover locked accounts, failed to verify that password reset links were sent to actual account email addresses. Hackers exploited this gap by triggering password resets to email addresses they controlled, effectively taking over accounts without knowing original passwords or security questions.

The technique worked best when combined with VPNs to mask suspicious login locations. The system essentially handed account access to whoever requested it, a fundamental breakdown in verification logic.
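A minimal model of the verification gap described above, next to one way to close it. This is an added illustration, not Meta's code: the function names, the in-memory account store and the reply text are assumptions made for the example.

```python
import hmac
import secrets

# Constructed sample data: account id -> email address on file.
ACCOUNTS = {"acct-1001": "owner@example.com"}
GENERIC_REPLY = "If the details match, a reset link was sent to the email on file."


def _normalize(email):
    return email.strip().lower()


def reset_flawed(account_id, requested_email, outbox):
    """Models the flaw: the link goes to whatever address the requester supplies."""
    if account_id in ACCOUNTS:
        outbox.append((requested_email, secrets.token_urlsafe(32)))
    return GENERIC_REPLY


def reset_hardened(account_id, requested_email, outbox, audit):
    """The destination is read from the account record, never from the chat."""
    on_file = ACCOUNTS.get(account_id)
    if on_file is None:
        audit.append(("unknown_account", account_id))
        return GENERIC_REPLY  # same reply, so the bot does not confirm accounts
    supplied = _normalize(requested_email or "")
    expected = _normalize(on_file)
    if supplied and not hmac.compare_digest(supplied.encode(), expected.encode()):
        # A supplied address that differs from the one on file is a takeover
        # signal: record it for review and send nothing.
        audit.append(("email_mismatch", account_id))
        return GENERIC_REPLY
    outbox.append((on_file, secrets.token_urlsafe(32)))
    return GENERIC_REPLY


if __name__ == "__main__":
    outbox, audit = [], []
    reset_flawed("acct-1001", "someone-else@example.net", outbox)
    print("flawed handler mailed:", [to for to, _ in outbox])
    outbox.clear()
    reset_hardened("acct-1001", "someone-else@example.net", outbox, audit)
    reset_hardened("acct-1001", "Owner@Example.com", outbox, audit)
    print("hardened handler mailed:", [to for to, _ in outbox])
    print("audit events:", audit)
```

The `audit` entries are what a detection rule would alert on: repeated `email_mismatch` events for one account or from one session indicate attempted takeover through the recovery flow.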

Two-Factor Authentication Proved Essential

Accounts with two-factor authentication enabled resisted the attack. While hackers could trigger password resets, they still needed the second authentication factor to access accounts. This reinforces a basic security principle: a phone number or authenticator app remains your strongest defense against automated attacks, even ones sophisticated enough to fool AI systems.

What's at Risk

Meta confirmed to the Maine Attorney General that while no evidence of data theft exists, account access could have exposed direct messages, contact information, posts, and connected services. The company plans to fix the verification bug before relaunching the tool and will review similar account-recovery flows across all Meta platforms.

For customer support teams, this incident reveals a critical gap in deploying AI for customer support: automated systems handling privileged actions like password resets require bulletproof verification, not just conversational ability. Understanding how AI agents and automation can fail at security checkpoints matters whether you're building these systems or supporting users affected by them.
