Enterprises deploying AI chatbots for customer-facing account management must reassess their security posture after Meta confirmed that thousands of Instagram accounts were hijacked through abuse of its AI-powered account recovery system. According to a data breach notification letter filed with Maine's attorney general's office and seen by this week in security, Meta notified at least 20,225 people that their accounts had been compromised, including 30 people in Maine. The hacks began around April 17 and lasted until early June, when Meta secured the chatbot.
How the Chatbot Was Tricked
As previously reported by 404 Media and TechCrunch, hackers exploited a vulnerability in Meta's AI-assisted account recovery system for Instagram. The flaw allowed anyone to reset the password of any account that did not have two-factor authentication enabled. The chatbot could be tricked into sending a password reset verification code to an email address controlled by the attacker, rather than the account holder's email on file. The chatbot complied simply upon request.
In its breach notice, Meta explained: "The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user's Instagram account." As a result, an unauthorized third party could provide an email address not associated with the account, and the system incorrectly sent a password reset link to that unassociated email. This allowed the hackers to reset the password and take over the account fully.
Scope of the Compromise
The data breach notification detailed that the compromise allowed hackers to take over the entire Instagram account and any linked accounts. Attackers could obtain contact information, dates of birth, and profile information, as well as access the person's posts, direct messages, and account activity. Meta stated it is "unaware" of what personal information was accessed during the hacks; an email to Meta's press line was not returned as of early Saturday.
| Key Fact | Detail |
|---|---|
| Total affected accounts | 20,225 |
| Affected accounts in Maine | 30 |
| Hack start date | April 17, 2026 |
| Hack end date | Early June 2026 (when chatbot was secured) |
| Root cause | Bug in code path: chatbot did not verify email address matched account |
| Mitigation | Chatbot disabled, code path removed, affected users instructed to reset passwords |
Enterprise Implications for AI Chatbot Security
For enterprise technology leaders, the Instagram hack serves as a cautionary tale. AI chatbots are increasingly deployed for password resets, account recovery, and customer authentication across supply chain platforms, trade finance portals, and logistics systems. The flaw here was not a failure of the AI model itself, but of the integration logic—a separate code path that bypassed email verification. Meta confirmed that it has disabled the AI chatbot for now, removed the offending code path, and is checking other chatbots across its platforms to prevent a repeat incident.
Enterprise CTOs should review their own AI-assisted account recovery systems to ensure that any password reset or authentication request is robustly validated against the user's registered contact information. This incident also reinforces the importance of enforcing two-factor authentication (2FA) for all accounts, as the hack was only possible against accounts without 2FA enabled.
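The check the article calls for is simple to state and easy to get wrong in an integration layer that forwards user-supplied parameters. The following is an added illustration, not Meta's code or a reconstruction of Instagram's recovery flow: a minimal reset handler of the bug class described above (the verification code is delivered to whatever address the requester supplies) beside a hardened version that compares the supplied address against the record, only ever sends to the address on file, and emits an audit event for the mismatch so that a burst of mismatches can be alerted on. The account data, usernames and email addresses are constructed for the example.

```python
"""Added example: requester-controlled reset delivery vs. record-bound delivery.

Not Meta's code. Accounts, usernames and addresses below are constructed.
"""
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    username: str
    email_on_file: str  # stored normalized (lowercase, trimmed)
    two_factor_enabled: bool = False


# Constructed sample records (hypothetical users, not from the article).
ACCOUNTS = {
    "alice": Account("alice", "alice@example.org", two_factor_enabled=False),
    "bob": Account("bob", "bob@example.org", two_factor_enabled=True),
}

# Every caller gets the same text so the response cannot be used to probe
# whether a username exists or which address is on file.
GENERIC_RESPONSE = "If the details match an account, a reset code has been sent."


class Mailer:
    """Records outbound messages instead of sending them, so a test can inspect
    exactly where a reset code would have gone."""

    def __init__(self):
        self.sent = []  # list of (recipient, body)

    def send(self, recipient, body):
        self.sent.append((recipient, body))


def normalize_email(value):
    return value.strip().lower()


def vulnerable_reset(accounts, mailer, username, requested_email):
    """The bug class from the article: the recovery path trusts the address
    that arrived with the request and never compares it to the record."""
    account = accounts.get(username)
    if account is None:
        return None
    code = secrets.token_hex(4)
    mailer.send(requested_email, code)  # routed by untrusted input
    return code


def hardened_reset(accounts, mailer, username, requested_email):
    """Record-bound reset: the supplied address is compared against the
    address on file in constant time, the code is only ever sent to the
    address on file, and a structured audit event is returned so the
    mismatch can be counted and alerted on.

    Returns (public_response, audit_event). The public response is always
    GENERIC_RESPONSE; the audit event is one of
    'unknown_user', 'email_mismatch', 'sent'.
    """
    account = accounts.get(username)
    if account is None:
        return GENERIC_RESPONSE, "unknown_user"

    supplied = normalize_email(requested_email).encode()
    on_file = account.email_on_file.encode()
    if not hmac.compare_digest(supplied, on_file):
        # This is the signal the vulnerable path never produced: a caller
        # asked for a reset code to go somewhere other than the record.
        return GENERIC_RESPONSE, "email_mismatch"

    code = secrets.token_hex(4)
    # Deliver to the stored address, never to the request parameter.
    mailer.send(account.email_on_file, code)
    return GENERIC_RESPONSE, "sent"


def mismatch_count(audit_events):
    """Detection helper: count mismatch events in a window of audit output.
    A spike here is the observable a SOC would page on."""
    return sum(1 for event in audit_events if event == "email_mismatch")


if __name__ == "__main__":
    m = Mailer()
    vulnerable_reset(ACCOUNTS, m, "alice", "someone-else@example.net")
    print("vulnerable path delivered to:", m.sent[0][0])

    m = Mailer()
    events = [hardened_reset(ACCOUNTS, m, "alice", "someone-else@example.net")[1],
              hardened_reset(ACCOUNTS, m, "alice", " Alice@Example.org ")[1]]
    print("hardened path delivered to:", [r for r, _ in m.sent])
    print("mismatch events:", mismatch_count(events))
```

In the hardened version the request parameter is only ever an input to a comparison, never to delivery; the `email_mismatch` event is the thing to log and count, because the vulnerable path produced no distinguishing signal at all. The 2FA flag on the record is where a step-up check would attach, since the article notes the abuse only worked against accounts without 2FA.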
Meta's Response
Meta instructed impacted users to reset their passwords and re-authenticate through secure, verified channels. The company said the hacks lasted from April 17 until the time of disclosure in early June, when it secured the chatbot. The incident comes soon after Meta laid off thousands of employees while rewarding top performers, highlighting the potential operational risks when AI systems are deployed without sufficient guardrails.