Major AI Chatbot Security Flaw Let Hackers Take Over Instagram Accounts

Instagram has fixed a security issue that allowed attackers to take over some users’ accounts by exploiting Meta’s AI-powered support chatbot.

The issue drew attention over the weekend after users on Reddit and X warned that their Instagram accounts had been compromised. Some high-profile accounts were also affected, including the Obama-era White House Instagram handle, which appears to have been inactive since 2017, and the account of US Space Force Chief Master Sergeant John Bentivegna.

Meta AI Support Tool Issue

The attack appeared to abuse Meta’s AI support assistant during the account recovery process. The flaw allegedly allowed attackers to add a new email address to a target account and reset the password without first taking control of the victim’s original email address.

A video shared online showed the account takeover process, but the core problem was that the chatbot appeared to treat the person contacting support as the account owner without enough identity checks.

Users Warned of Hijacked Accounts

Security researcher Jane Wong said her Instagram account was also taken over. Her password was changed without her approval, and she received several password reset attempts before the issue became public.

The incident also affected accounts beyond regular users. The compromised accounts included the Obama-era White House handle and John Bentivegna’s Instagram account. The Guardian also listed Sephora among the high-profile accounts affected.

Issue Now Fixed

Instagram spokesperson Andy Stone stated on Monday, in replies to posts from Wong and other affected users, that the issue had been fixed.

The total number of affected Instagram accounts remains unclear. Meta did not immediately respond to TechCrunch’s request for comment.

AI Support Risks

The incident raises new questions about giving AI support tools access to sensitive account actions such as email changes and password resets.

The flaw also shows how AI-based customer support can create new security risks when identity checks are not strong enough for account-level changes. Meta has now fixed the issue, but the case highlights the need for stronger safeguards around automated support systems.
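
The safeguard described above can be sketched as a gate between a support assistant and its account tools. This is an added example, not Meta's code or its actual fix; the class, the tool names (`add_email`, `reset_password`) and the in-memory `outbox` are hypothetical, and it assumes proof of ownership means a one-time code sent to an email address already on file.

```python
import hashlib
import hmac
import secrets
import time

# Actions named in the article as sensitive; the tool names are hypothetical.
SENSITIVE = {"add_email", "reset_password"}
CODE_TTL = 600  # seconds a one-time code stays valid

def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()

class SupportGate:
    """Sits between the assistant and account tools. What the model believes
    about the caller is never an input; only a completed challenge is."""

    def __init__(self, accounts):
        self.accounts = accounts  # username -> {"verified_emails": set}
        self.pending = {}         # session -> (username, code digest, expiry)
        self.proven = {}          # session -> username that passed the challenge
        self.outbox = []          # (email, code): stand-in for real mail delivery

    def start_challenge(self, session, username, now=None):
        now = time.time() if now is None else now
        emails = self.accounts.get(username, {}).get("verified_emails")
        if not emails:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[session] = (username, _digest(code), now + CODE_TTL)
        # Deliver only to addresses already on file, never one supplied in chat.
        self.outbox.extend((email, code) for email in sorted(emails))
        return True

    def answer_challenge(self, session, code, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(session, None)  # one attempt per code
        if entry is None:
            return False
        username, digest, expiry = entry
        if now > expiry or not hmac.compare_digest(digest, _digest(code)):
            return False
        self.proven[session] = username
        return True

    def authorize(self, session, action, username):
        if action not in SENSITIVE:
            return True
        # Proof is bound to both the session and the account it was issued for.
        return self.proven.get(session) == username
```

The assistant's tool dispatcher would call `authorize` before every account action, so a conversation that only claims ownership never reaches an email change or password reset.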

Published by
Afaq Wajdan Malik