Meta AI Support Bot Exploited to Hijack Instagram Accounts

by Anika Shah - Technology

Meta Addresses Security Vulnerability in AI Support Tool Following Account Takeovers

Meta has moved to resolve a significant security vulnerability within its AI support assistant that allowed unauthorized parties to hijack Instagram accounts. The flaw, which surfaced over the weekend, raised concerns about the safety of the company’s automated recovery processes.

The issue centered on the AI support tool that Meta introduced in December 2025 to streamline account recovery for users locked out of their Facebook or Instagram profiles. Security researchers identified that the system could be manipulated to bypass standard security protocols, including two-factor authentication, by tricking the AI into sending password reset codes to unauthorized email addresses.

How the Exploit Functioned

According to reports detailing the vulnerability, the exploit took advantage of the AI’s reliance on user location data. Attackers reportedly used VPNs to match the geographic region of a targeted account, a tactic that aligned with Meta’s own systems designed to recognize familiar user locations and devices.

By initiating a “forgot password” request and engaging the AI support bot, hackers were able to use prompt-based techniques to request that the password reset code be sent to an email address of their choosing. Once the AI provided the code, the attackers could finalize the password reset and gain full control of the account.
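
The control that this flow lacked can be expressed as a policy gate between the assistant and the code-sending backend. The sketch below is an added example, not Meta's code: every name in it (Account, ResetRequest, authorize_reset_delivery) is hypothetical, the sample data is constructed, and it assumes the backend holds a list of contact addresses verified before the recovery session began.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Account:                      # hypothetical account record
    username: str
    verified_contacts: frozenset    # addresses verified before this session
    two_factor_enabled: bool = True

@dataclass(frozen=True)
class ResetRequest:                 # what the assistant asks the backend to do
    username: str
    destination: str                # address named in the conversation
    location_matches: bool          # "familiar region" signal; a VPN can match it

@dataclass(frozen=True)
class Decision:
    allowed: bool
    destination: Optional[str]
    second_factor_still_required: bool
    reason: str

def _norm(addr: str) -> str:
    return addr.strip().lower()

def authorize_reset_delivery(account: Account, req: ResetRequest) -> Decision:
    """Policy gate that runs outside the model, so chat wording cannot alter it."""
    on_file = {_norm(c): c for c in account.verified_contacts}
    if req.username != account.username:
        return Decision(False, None, account.two_factor_enabled, "account mismatch")
    stored = on_file.get(_norm(req.destination))
    if stored is None:
        # Core control: a conversation never introduces a new destination.
        # location_matches is deliberately not consulted here.
        return Decision(False, None, account.two_factor_enabled,
                        "destination not a verified contact")
    # Send to the stored address, not the string the model produced,
    # and leave the account's second factor in force after the reset.
    return Decision(True, stored, account.two_factor_enabled, "ok")

# Constructed sample data (not from the incident)
ACCOUNT = Account("example_user", frozenset({"owner@example.com"}))
SPOOFED = ResetRequest("example_user", "someone-else@example.net", location_matches=True)
LEGIT = ResetRequest("example_user", " Owner@Example.com ", location_matches=False)

if __name__ == "__main__":
    for r in (SPOOFED, LEGIT):
        print(r.destination.strip(), "->", authorize_reset_delivery(ACCOUNT, r))
```

Denied decisions carry a reason string, which gives a detection team a field to alert on when one account sees repeated requests for an unverified destination.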

Meta’s Response

The security flaw gained widespread attention after multiple high-profile Instagram accounts were compromised, including those belonging to the Obama White House, the beauty retailer Sephora, and a high-ranking official within the U.S. Space Force.

Meta has confirmed that the issue is now resolved. Andy Stone, Meta’s VP of Communications, addressed the situation on X, stating: “This issue has been resolved and we are securing impacted accounts.”

Key Takeaways for Users

  • System Security: The vulnerability highlights the risks associated with automated support systems that prioritize convenience over strict authentication checks.
  • Account Recovery: Meta’s AI tool, originally intended to make account recovery “faster and simpler,” inadvertently created a pathway for credential theft.
  • Ongoing Protection: While the specific exploit has been patched, users should remain vigilant by monitoring their account settings for unauthorized changes to contact information or security preferences.

Looking Ahead

As Meta continues to integrate AI into its customer service infrastructure, this incident serves as a critical reminder of the potential security trade-offs in automated support. While the company has secured the affected accounts, the event underscores the importance of robust, multi-layered security verification—even when AI is designed to simplify the user experience. Moving forward, the focus remains on whether Meta will implement more stringent safeguards to prevent similar prompt-injection vulnerabilities in its automated support tools.
