Meta confirms AI chatbot flaw compromised over 20,000 Instagram accounts
The tech giant filed a notice with the state of Maine, revealing that a bug in its AI support chatbot enabled password reset exploits affecting high-profile users, including Barack Obama’s former White House account.

Meta has confirmed that hackers exploited a vulnerability in its Instagram AI support chatbot to hijack 20,225 accounts. The company filed a notice with the state of Maine, which was first spotted by Bleeping Computer, detailing how the flaw allowed attackers to bypass security protocols for accounts that did not have two-factor authentication enabled.
The incident, which came to light on May 31, 2026, involved a specific error in the system’s password reset logic. According to Meta, the AI support tool itself functioned as intended, but a bug in a separate code path failed to verify that the email address provided for a reset request matched the one associated with the victim’s account. Consequently, the system sent reset links to unassociated email addresses rather than rejecting the request, enabling unauthorized third parties to gain access.
Meta communications head Andy Stone stated that the company resolved the incident on June 1, 2026. In response to the breach, Meta disabled the AI support tool, removed the faulty code path, and invalidated all password reset links generated through the exploit. The company also enrolled all potentially impacted accounts into a mandatory security checkpoint, requiring authentication before any further access is granted.
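The reset-logic flaw described above and the link-invalidation step from the remediation, shown as an added illustration that is not Meta's code: a constructed account store, a flawed handler that delivers the reset link to whatever address the caller supplies, a fixed handler that treats the supplied address only as a claim to check against the one on file, and a revocation routine that kills every outstanding token. The generic reply string and the `hmac.compare_digest` comparison are assumptions of this example, not details from the notice.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Account:
    username: str
    email: str   # address on file for the account

# Constructed sample store; these are not real users.
ACCOUNTS = {
    "victim": Account("victim", "victim@example.com"),
}
OUTBOX = []   # (recipient, token) pairs "sent" instead of real e-mail
TOKENS = {}   # live reset token -> username it unlocks

GENERIC_REPLY = "If the details match an account, a reset link has been sent."

def _issue_token(username, recipient):
    token = secrets.token_urlsafe(32)
    TOKENS[token] = username
    OUTBOX.append((recipient, token))

def vulnerable_request_reset(username, supplied_email):
    """Flawed path: the caller-supplied address becomes the delivery target
    without ever being compared to the address on file."""
    account = ACCOUNTS.get(username)
    if account is None:
        return GENERIC_REPLY
    _issue_token(username, supplied_email)   # BUG: no match check
    return GENERIC_REPLY

def hardened_request_reset(username, supplied_email):
    """Fixed path: the supplied address is only a claim to verify; delivery
    always goes to the address on file, and the reply never reveals whether
    the claim matched (an assumed hardening choice, not from the notice)."""
    account = ACCOUNTS.get(username)
    if account is not None:
        claimed = supplied_email.strip().lower().encode()
        on_file = account.email.strip().lower().encode()
        if hmac.compare_digest(claimed, on_file):
            _issue_token(username, account.email)
    return GENERIC_REPLY

def redeem_token(token):
    """Username a live token unlocks, or None once tokens are revoked."""
    return TOKENS.get(token)

def invalidate_all_reset_tokens():
    """Remediation step: every outstanding reset link stops working."""
    TOKENS.clear()
```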
The breach affected several high-profile users, including the White House account of former US President Barack Obama, US Space Force Chief Master Sergeant John F. Bentivegna, and the beauty brand Sephora. The notice filed with Maine indicated that 30 of the impacted users resided in the state. Meta described the figure of 20,225 accounts as an upper bound, noting that some of these accounts may have been accessed legitimately by their owners.
While Meta remains unaware of whether any personal data was actually accessed as a result of the exploit, the notice acknowledged that hijackers could have obtained sensitive information. This potential data exposure included email addresses, phone numbers, birthdates, social media posts, direct messages, profile information, account activity, and connected accounts.