Attackers reportedly exploited Meta’s AI-powered customer support assistant to take over Instagram accounts by manipulating the platform’s account recovery process, according to public reports, security researchers, and evidence shared online over the weekend.
The alleged abuse gained attention after several Instagram accounts were compromised and briefly defaced with pro-Iranian messages and imagery. Reportedly affected accounts included the Instagram handle associated with the Obama-era White House and the account belonging to Chief Master Sergeant of the U.S. Space Force John Bentivegna.
Security researcher Jane Wong also reported that her Instagram account was compromised during the incident, stating that her password was changed without authorization following multiple password reset attempts.
Meta AI assistant allegedly manipulated during recovery process
According to videos and screenshots circulated online, attackers were reportedly able to convince Meta’s AI support assistant to add an attacker-controlled email address to a target account during a password recovery workflow.
Demonstrations shared online appear to show attackers first initiating a password reset request before engaging with Meta’s AI-powered support assistant. The chatbot allegedly accepted requests to associate a new email address with the target account and then sent a verification code to that newly added address.
Once the verification code arrived in the attacker-controlled mailbox, attackers reportedly used it to complete the recovery process and set a new password, taking control of the account without ever touching the victim's original email address. The verification step therefore proved only that the requester controlled an address the assistant had attached moments earlier within the same recovery flow, not that the requester owned the account.
TechCrunch reported that it independently verified a public mailbox shown in one of the demonstration videos received a verification code from Instagram during the process.
The alleged abuse appears to have affected both high-profile accounts and accounts with short, desirable usernames, which account takeover groups frequently target because of their resale value.
No evidence of a Meta breach
At this stage, there is no indication that Meta’s internal systems or databases were breached. The reported issue appears to have involved abuse of an account recovery workflow rather than unauthorized access to Instagram’s infrastructure.
Security researchers have noted that AI-powered support systems may introduce new attack surfaces when granted authority to perform sensitive account actions such as identity verification, email changes, or password resets.
Just as human support agents can be manipulated through social engineering, automated assistants may also be susceptible to carefully crafted requests that exploit gaps in recovery and verification procedures. Similar concerns around AI-enabled attack paths have emerged in recent supply chain investigations, including BreachNews reporting on the TeamPCP worm’s expanding impact across developer ecosystems.
Meta says issue has been fixed
Meta spokesperson Andy Stone stated publicly that the issue had been resolved and that impacted accounts were being secured.
Reports indicate Meta deployed an emergency fix after details of the alleged abuse began circulating among attackers and security researchers.
Although Meta says it has addressed the issue, reports indicate attackers may still be attempting to exploit similar account recovery workflows. At the time of publication, it remains unclear whether those reports reflect continued exploitation of the original vulnerability, incomplete remediation, or new techniques targeting the same support systems.
MFA reportedly prevented account takeovers
Notably, individuals sharing details of the alleged exploit claimed the technique did not work against accounts protected with multi-factor authentication.
According to those claims, a recovery code delivered to the newly added address was not enough on its own: accounts requiring a second authentication factor could not be fully compromised through the recovery workflow alone.
The incident serves as another reminder that enabling MFA remains one of the most effective defenses against account takeover attacks, even when password recovery systems are abused. Organizations and users looking to strengthen protections against credential theft can also review BreachNews’ guide on recognizing and defending against social engineering attacks.
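The sequence described above (reset request, assistant attaches an attacker-controlled email, recovery code sent to that email, new password set) and the MFA behaviour reported in this section can be modelled as a small policy problem. The following Python is an illustrative model written for this article; it is not Meta's code or workflow, and every name in it (Account, RecoverySession, tool_add_email, issue_code, complete_reset, COOLING_OFF, the addresses and timestamps) is invented for the example. It contrasts the insecure rule, under which any contact currently attached to the account may receive a code, with a policy layer that refuses codes to contacts added after the recovery session began or inside a cooling-off window, and that demands the second factor when MFA is enabled regardless of which mailbox received the code.

```python
"""Toy model of the recovery-workflow abuse reported in this article, beside a policy
layer that closes it. Illustrative code added to this page, not Meta's implementation;
every name, timestamp and address below is invented for the example."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional
import secrets

# Hypothetical policy knob: a contact must have been on the account at least this long
# before it may receive recovery codes.
COOLING_OFF = timedelta(hours=24)


class PolicyDenied(Exception):
    """Raised when the policy layer refuses an action the assistant asked for."""


@dataclass
class Contact:
    address: str
    verified_at: datetime


@dataclass
class Account:
    username: str
    contacts: list
    mfa_enabled: bool = False
    password: str = "original-secret"


@dataclass
class RecoverySession:
    account: Account
    started_at: datetime
    issued_codes: dict = field(default_factory=dict)  # address -> code sent there


def tool_add_email(account: Account, address: str, now: datetime) -> None:
    """The tool the support assistant is allowed to call. It records when the contact
    appeared; what that contact may be used for is decided by policy, not by the model."""
    account.contacts.append(Contact(address, verified_at=now))


def issue_code(session: RecoverySession, address: str, now: datetime, hardened: bool) -> str:
    """Send a recovery code to `address`. The insecure rule trusts any contact currently
    attached to the account, which is the gap the demonstrations exploited."""
    contact = next((c for c in session.account.contacts if c.address == address), None)
    if contact is None:
        raise PolicyDenied("not a contact on this account")
    if hardened:
        if contact.verified_at >= session.started_at:
            raise PolicyDenied("contact added after recovery began")
        if now - contact.verified_at < COOLING_OFF:
            raise PolicyDenied("contact still inside the cooling-off window")
    code = f"{secrets.randbelow(10**6):06d}"
    session.issued_codes[address] = code
    return code  # in reality delivered to the mailbox, not handed back to the caller


def complete_reset(session: RecoverySession, address: str, code: str,
                   new_password: str, mfa_proof: Optional[str] = None) -> None:
    """Finish recovery. An MFA-protected account needs the second factor no matter which
    mailbox received the code, matching the reported behaviour."""
    if session.issued_codes.get(address) != code:
        raise PolicyDenied("wrong or missing code")
    if session.account.mfa_enabled and mfa_proof is None:
        raise PolicyDenied("second factor required")
    session.account.password = new_password


def simulate(hardened: bool, mfa_enabled: bool, attacker: bool = True) -> str:
    """Replay the reported sequence: reset request, assistant adds a new email, code goes
    to that email, caller sets a new password. With attacker=False the legitimate owner
    recovers via the long-standing contact and can present a second factor."""
    t0 = datetime(2026, 1, 1, 12, 0)  # constructed timestamps
    owner = Contact("owner@example.com", verified_at=t0 - timedelta(days=400))
    account = Account("victim", [owner], mfa_enabled=mfa_enabled)
    session = RecoverySession(account, started_at=t0)
    if attacker:
        tool_add_email(account, "attacker@example.net", now=t0 + timedelta(minutes=1))
    target = "attacker@example.net" if attacker else owner.address
    proof = None if attacker else "totp-ok"
    try:
        code = issue_code(session, target, now=t0 + timedelta(minutes=2), hardened=hardened)
        complete_reset(session, target, code, "new-password", mfa_proof=proof)
    except PolicyDenied as reason:
        return f"denied: {reason}"
    return "password changed"


if __name__ == "__main__":
    for hardened in (False, True):
        for mfa in (False, True):
            print(f"hardened={hardened} mfa={mfa}: {simulate(hardened, mfa)}")
```

The split matters more than the particular rules: the assistant's tool only records what it did, while the decision about which contacts are trusted for recovery lives in code that no prompt can argue with. Running simulate() for the four combinations shows the insecure, non-MFA case ending in a changed password, the MFA case stopping at the second factor, and the hardened policy rejecting the freshly added address before any code is sent, while the owner's long-standing contact still works.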
As more technology companies deploy AI systems to handle customer support and identity verification requests, the incident may offer an early example of how attackers could target automated recovery workflows as a new avenue for account compromise.