A flaw in Meta’s AI-powered account recovery tool on Instagram allegedly allowed attackers to hijack high-value accounts by manipulating the chatbot into forwarding password reset codes without identity verification, exposing a serious weakness in the platform’s support architecture rather than in its backend systems.
Researchers identified the issue as a failure in the AI assistant’s decision-making logic, saying attackers could engage the chatbot in conversation and prompt it to send password reset codes to unauthorised parties. The vulnerability was said to stem from insufficient controls in the logic layer, including the absence of proper rate limiting or authentication enforcement before reset requests were processed.
Researchers Trace Exploit to AI Logic Layer
The exploit was first publicly highlighted by researchers ZachXBT and Dark Web Informer, who said threat actors had weaponised Instagram’s Meta AI assistant, a tool intended to help genuine users recover access to their accounts. According to the material in the screenshots, the vulnerability did not involve a traditional server-side compromise, and Meta confirmed that no server systems were breached.
The weakness, instead, was said to exist entirely inside the AI’s decision-making framework. That meant anyone who knew a target’s username could theoretically initiate an account takeover with minimal effort if other protections were not in place. The issue raised concerns not only about a single flaw but about the growing authority granted to AI support tools over sensitive account functions.
The attackers focused on premium short-handle accounts with substantial underground market value, suggesting the operation was financially motivated from the outset and designed to convert access into quick profit.
High Value Usernames Circulated on Telegram
Among the usernames reportedly stolen were @hey and @jowo, which were collectively valued at more than $1 million. These accounts were quickly flipped through private Telegram channels before Meta could respond.
Dark Web Informer reportedly tracked stolen account listings circulating across Telegram groups in real time, pointing to what the screenshots describe as an increasingly organised account-takeover-as-a-service ecosystem. The speed of the operation suggested that threat actors were prepared to monetise the flaw almost as soon as it became known.
The incident also widened scrutiny of the underground market for rare usernames, where short handles can carry extraordinary resale value. In this case, the reported targets were not random users but accounts viewed as premium digital assets.
Meta Patches Flaw, Experts Warn of Wider Risks
Meta moved to patch the issue late Friday after reports surfaced online. The company said it had fixed an issue that allowed an external party to request password reset emails for some Instagram users, while stressing that there had been no breach of its systems and that users’ Instagram accounts remained secure.
Even after the patch, the incident prompted broader concern about the security architecture around AI-assisted support tools and their access to privileged recovery functions. Accounts secured with two-factor authentication were not affected during the attack, underscoring the importance of stronger user-side protections.
As AI tools gain deeper access to account management functions, their susceptibility to social engineering could become a critical and underestimated attack vector. The episode has renewed calls for stricter safeguards, including role-based AI access controls and mandatory authentication checks before sensitive actions are approved.
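To make the safeguards described above concrete, here is an added illustration (not Meta’s code, and not from the researchers cited) of a deny-by-default policy gate that sits between an AI support assistant’s tool call and the reset-code sender. It enforces the three controls the article says were missing: a role-based tool allow-list, a session identity check that the chatbot conversation itself can never satisfy, and a per-account rate limit; the tool names, field names and limits are assumptions for the example.

```python
"""Policy gate between an AI support assistant and a password-reset sender.
Constructed example: tool names, fields and limits are assumptions."""
import time

# Role-based allow-list: which tools each assistant role may invoke at all.
ROLE_TOOLS = {"support_assistant": {"lookup_help_article", "send_reset_code"}}
WINDOW_S, MAX_PER_WINDOW = 3600, 3   # at most 3 reset requests per account per hour
_attempts = {}                       # username -> list of request timestamps


def decide(call, session, directory, now=None):
    """Return (verdict, reason) for a tool call emitted by the assistant.

    call:      {"role", "tool", "username", "destination"} as produced by the model
    session:   {"verified_as": username or None}, identity proven outside the chat
    directory: {username: set of contacts on record}
    """
    now = time.time() if now is None else now
    if call.get("tool") not in ROLE_TOOLS.get(call.get("role"), set()):
        return "deny", "tool not permitted for role"
    user = call.get("username")
    if user not in directory:
        return "deny", "unknown account"
    # The conversation is never proof of identity: the session must already be
    # verified for exactly the account whose reset code is being requested.
    if session.get("verified_as") != user:
        return "deny", "session not verified for target account"
    # Never deliver to a chat-supplied destination, only to contacts on record.
    if call.get("destination") not in directory[user]:
        return "deny", "destination is not a registered contact"
    # Per-account rate limit so a single handle cannot be hammered with requests.
    recent = [t for t in _attempts.get(user, []) if now - t < WINDOW_S]
    if len(recent) >= MAX_PER_WINDOW:
        return "deny", "rate limit exceeded for account"
    _attempts[user] = recent + [now]
    return "allow", "send code to registered contact"


def reset_state():
    """Clear rate-limit state (useful between test runs)."""
    _attempts.clear()


if __name__ == "__main__":
    directory = {"hey": {"owner@example.com"}}          # constructed sample data
    call = {"role": "support_assistant", "tool": "send_reset_code",
            "username": "hey", "destination": "other@example.com"}
    print(decide(call, {"verified_as": None}, directory))
```

The model is free to reason however it likes; the gate simply refuses to forward anything the session has not independently proven, which is the separation the article’s "logic layer" point is about.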
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.