Hackers used Meta’s AI support system to hijack over 20,000 Instagram accounts

Meta has revealed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system.

Instagram AI support vulnerability

According to the company, a vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on Instagram accounts.

HTS is an AI-assisted account recovery system for Instagram designed to help users regain access to locked accounts. Users can request password reset links through the support workflow when they lose access to their accounts.

“The tool itself worked properly and functioned as intended; however, due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,” explained Amber Hannah, Associate General Counsel, Incident Response Legal at Meta.

“As a result, when an individual provided an email address not previously associated with the account, the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request. This allowed unauthorized third parties to receive a password reset link for accounts they did not own. Upon resetting the password, the unauthorized party was able to log in to the account if the account holder had not enabled 2FA,” added Hannah.

Meta said it identified the vulnerability on May 31. The filing published on Maine’s Attorney General website lists April 17 as the incident date, indicating the first unauthorized access may have occurred more than six weeks earlier.

The company said it has no evidence showing what information, if any, was accessed from the compromised accounts. It noted that data potentially exposed through affected accounts included contact information, such as email addresses and phone numbers, dates of birth, photos, videos, stories, direct messages, account activity, profile information, and linked services.

Last week, reports emerged on Reddit, X, Telegram, and in security communities that Instagram accounts were being hijacked through Meta’s AI-powered support workflow.

What stood out was how simple the attack appeared to be. Videos shared on Telegram show attackers interacting with Meta’s AI support assistant. In the videos, the attackers explained that they used VPN services to place themselves in the same general geographic area as the target account before asking the chatbot to link the account to an email address under their control.

According to security journalist Brian Krebs, attackers targeted high-profile Instagram accounts, including the Obama White House account and the account of the U.S. Space Force’s Chief Master Sergeant, as well as short, high-value usernames that can be resold on underground markets.

Upon discovering the vulnerability, the company disabled the affected AI-assisted support tool and invalidated password reset links generated through the vulnerable workflow. It also required additional authentication for potentially affected accounts and instructed impacted users to reset their passwords.

“Prior to re-launching the tool, Meta will fix the authentication check in the Instagram recovery entry point to ensure proper verification of email addresses against existing account information before any password reset is initiated. Additionally, Meta is conducting a comprehensive review of similar account recovery flows across Meta’s platforms to identify and remediate any potential issues,” the company concluded.
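The missing check described by Hannah and in Meta’s planned fix, as an added illustration that is not Meta’s code (the account store, email set and function names are assumptions): one handler that mails the reset link to whatever address the requester supplies, beside one that first verifies that address against the account’s own verified emails and issues a token only on a match.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    username: str
    verified_emails: set  # addresses the account holder has confirmed


# Constructed sample directory; not real account data.
ACCOUNTS = {"alice": Account("alice", {"alice@example.com"})}


def normalize(email: str) -> str:
    return email.strip().lower()


def request_reset_vulnerable(username, submitted_email, accounts):
    """Bug pattern: the link is delivered to the address the requester typed,
    whether or not it is associated with the account."""
    acct = accounts.get(username)
    if acct is None:
        return None
    token = secrets.token_urlsafe(32)
    return (normalize(submitted_email), token)  # goes to an unassociated address


def request_reset_fixed(username, submitted_email, accounts):
    """Verify the submitted address against the account's verified emails
    before any token exists; deliver only to a matched, registered address."""
    acct = accounts.get(username)
    candidate = normalize(submitted_email)
    matched = False
    if acct is not None:
        for registered in acct.verified_emails:
            # Constant-time compare, no early exit, so timing does not leak which
            # addresses are registered
            if hmac.compare_digest(registered.encode(), candidate.encode()):
                matched = True
    if not matched:
        # Same result for "no such account" and "address mismatch": the caller
        # sees one generic response and the event can be logged for detection
        return None
    token = secrets.token_urlsafe(32)
    return (candidate, token)
```

In production the token would additionally be stored bound to (username, email) with a short expiry so that the reset endpoint can reject tokens that do not belong to the account being reset.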

Meta launched its AI support assistant in March, claiming: “We’re rigorously testing each of these AI systems, building in safeguards and evaluating their performance to protect against bias and ensure consistency and accuracy.”

Apparently, offloading account recovery to AI backfired sooner than expected.
