"Meta notified at least 20,225 people that their accounts had been compromised. [...]
The compromises allowed the hackers to take over the person's entire Instagram and any linked accounts, including obtaining contact information, dates of birth, and profile information, as well as the ability to access the person's posts, direct messages, and account activity [...]
the hacks began around April 17 and lasted until this week [...]"
This is staggering.
Meanwhile an account I created for a new product was permanently disabled by an automated system with no path for me to appeal to a human.
(If anyone at Meta/Instagram sees this, I wrote a brief blog post with the details. Please help! https://addisonwebb.com/blog/2026-06-05-Can%20Someone%20at%2... )
People were reporting their accounts were being taken over with proper 2FA. Everyone had wondered how the hackers could take over accounts with so little information; people were saying "inside job."
This is exactly the stupid explanation I expected. Your privacy and security. Meta. Serious Business.
This was on Hacker News a few days ago (https://news.ycombinator.com/item?id=48359102) - a description of the “hack”, not the cockamamie confirmation by Meta.
I really hope this accelerates meta's decline. The world will adapt just fine without social media.
> AI-assisted account recovery system
Oh no... Meta, what are you doing?
Corrected headline: "Meta confirms 1000s of Instagram accounts were hacked due to their insecure AI chatbot".
Why was 'can a user request a different email' not literally the first test that comes to mind when making something like this? Do they not test anything because the scale is too big?
The AI passed the Turing Test by becoming the world's most trusting customer service rep.
You only have to look at both the ridiculously terrible "Q&A chatbot" that is in Facebook under some posts (do they still have this?) and the fact that their system can't tell the difference between an inappropriate and a non-inappropriate comment most of the time to understand just how far behind Meta is in AI...
I got a suspicious password reset request email today from Meta but it landed in my inbox. Luckily I have MFA and after checking audit logs inside IG upon logging in, I did not see anything suspicious.
And who said cameras linked to Meta in their glasses were a good idea?
Move fast and break things.
How do business owners hire people from Meta knowing these types of "bugs" get deployed with a shrug? Meta will survive them. Their business might not.
How on earth would a password reset API take both an email address and an account ID as parameters? The chatbot is fine. I bet the issue is the API written by AI.
"Abusing" by using its built-in insecurity to do insecure things.
It's like, people abusing an open door. "Guys, just because we left the door open to your bedroom doesn't mean we're responsible".
God can only hope this is a business ending lawsuit.
If this was a bank that had zero humans and the AI chatbot was abused to hand over sensitive information about their customers which led to this disaster, people would never trust their bank ever again and leave.
Meta believes that they can vibe-code their reputation down the drain by removing humans in the loop.
Applying a technical solution to a social problem almost always ends in disasters like this.
Reputation can’t be vibe-coded.
Just AI Slop doing AI Slop things
https://www.documentcloud.org/documents/28202858-meta-ai-ag-...
https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2...
Are we winning yet?
Probably some product manager pushed back on security considerations raised by engineers.
Yet another reminder that most of these chatbots get shipped way before they're ready. Loud marketing, security treated as an afterthought, all to ride the AI hype. LLMs open up a whole new attack surface and a lot of teams still treat prompt injection like a fun edge case. This is what happens when you ship the demo instead of the product.
Imagine how much $ people could have made hijacking famous accounts to promote crypto or other crap. I wonder how often this happened.
> "The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account," said Meta in its breach notice.
I'm not sure "worked properly" and "as intended" accurately describe this situation.
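The breach notice above describes a password-reset path that accepts both an account identifier and an email address but never checks that the two belong to the same account. The following is an added illustration, not Meta's code and not taken from the thread: a minimal reset-request handler written two ways, with constructed sample accounts (all names and addresses are hypothetical). The vulnerable variant mails the reset link to whatever address the caller supplied; the fixed variant compares the supplied address against the address on file, always delivers to the stored address, returns the same generic response either way so the check cannot be used to enumerate accounts, and records mismatches in an audit list that a detection rule can count.

```python
from dataclasses import dataclass, field
from collections import Counter


@dataclass
class Account:
    account_id: str
    email: str  # the verified address on file for the account


# Constructed sample data (hypothetical accounts, not real users).
ACCOUNTS = {
    "1001": Account("1001", "alice@example.com"),
    "1002": Account("1002", "bob@example.com"),
}


@dataclass
class Outbox:
    """Stand-in for the mail sender; records (recipient, account_id) pairs."""
    sent: list = field(default_factory=list)

    def send_reset_link(self, to_email: str, account_id: str) -> None:
        self.sent.append((to_email, account_id))


def normalize_email(email: str) -> str:
    # Compare addresses after trimming and lower-casing so a case or
    # whitespace difference does not wrongly reject the legitimate owner.
    return email.strip().lower()


def request_reset_vulnerable(account_id: str, email: str, outbox: Outbox) -> str:
    """The bug class from the notice: the account is looked up by id, then the
    reset link goes to the caller-supplied address. Nothing ties `email` to the
    account, so the supplied address is trusted without verification."""
    acct = ACCOUNTS.get(account_id)
    if acct is None:
        return "sent"
    outbox.send_reset_link(email, account_id)
    return "sent"


def request_reset_fixed(account_id: str, email: str, outbox: Outbox, audit: list) -> str:
    """Hardened variant: the supplied address must match the address on file,
    the link is always delivered to the stored address (never the input), and
    the response is identical whether or not the account exists or matched."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or normalize_email(email) != normalize_email(acct.email):
        # Internal audit record only; nothing about the mismatch is returned.
        audit.append({
            "event": "reset_identity_mismatch",
            "account_id": account_id,
            "supplied_email": normalize_email(email),
        })
        return "sent"
    outbox.send_reset_link(acct.email, account_id)
    return "sent"


def accounts_with_repeated_mismatches(audit: list, threshold: int = 3) -> list:
    """Simple detection rule over the audit records: account ids that received
    at least `threshold` reset requests with a non-matching email. Repeated
    mismatches against one account are a signal worth alerting on."""
    counts = Counter(r["account_id"] for r in audit if r["event"] == "reset_identity_mismatch")
    return sorted(a for a, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    box, log = Outbox(), []
    request_reset_fixed("1001", "Alice@Example.com", box, log)
    request_reset_fixed("1001", "someone-else@example.net", box, log)
    print(box.sent, log)
```

The key design point is that the stored email is the only delivery target; the caller's input is used for comparison and nothing else, so even a chatbot or other front end that forwards user-supplied values cannot redirect the link. The audit list is the hook for monitoring: a burst of mismatch events against one account is the kind of signal that would have been visible here.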