Meta’s AI Support Tool Vulnerability Leads to Hijacking of 20,000 Instagram Accounts
A bug in Meta's AI-assisted account recovery tool allowed attackers to hijack over 20,000 Instagram accounts that had not enabled two-factor authentication.
Over 20,000 Instagram accounts, including those of high-profile public figures and major brands, were compromised following the exploitation of a critical vulnerability in Meta's AI-assisted account recovery system. The exposure lasted approximately seven weeks and stemmed from a missing ownership check in the password-reset path of the recovery workflow.

Meta's "High Touch Support" (HTS) tool, an AI-powered conversational agent built to help users regain access to locked Instagram accounts, was the vector for the exploit. The vulnerability let threat actors systematically take over accounts that lacked two-factor authentication (2FA).
According to Amber Hannah, Associate General Counsel for Incident Response Legal at Meta, the recovery tool itself was not fundamentally broken. "The tool itself worked properly and functioned as intended; however, due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user's Instagram account," Hannah stated.
Consequently, Hannah explained that when an unauthorized party provided an unassociated email address, "the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request. This allowed unauthorized third parties to receive a password reset link for accounts they did not own. Upon resetting the password, the unauthorized party was able to log in to the account if the account holder had not enabled 2FA."
Exploiting the "Confused Deputy"
Attackers reportedly leveraged virtual private networks (VPNs) to mask their locations and mimic the geographic location of the targeted accounts, helping them bypass automated security blocks. Step-by-step exploit instructions were widely circulated on the messaging app Telegram, which fueled a rapid escalation in account takeovers. Among the victimized accounts were high-profile entities such as Sephora, the archived Obama White House account, and Chief Master Sergeant John Bentivegna of the U.S. Space Force.

Security experts have characterized the HTS flaw as a textbook example of a "confused deputy" vulnerability. In such scenarios, a privileged component (here, the recovery backend that can mint a password-reset link for any account) is induced by an unprivileged requester to use that authority on the requester's behalf, because it never checks that the requester is entitled to the action it performs.
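As an added illustration that is not Meta's code (the account store, mail gateway, token store and one-time code are all constructed for the example), the following Python models the failure Hannah describes beside a corrected handler. The vulnerable function uses the caller-supplied address as the delivery target, so the privileged reset path acts on the attacker's behalf exactly as a confused deputy does; the hardened one compares the supplied address against the one on file, always mails the address on file, and answers uniformly. The login step shows why only accounts without 2FA were actually taken over, and the token-revocation helper mirrors the containment step described later in the article.

```python
import hmac
import secrets

# Constructed sample account store (hypothetical, not Meta's data model).
ACCOUNTS = {
    "victim":    {"email": "owner@example.com", "password": "old-pw", "twofa": False},
    "protected": {"email": "admin@example.com", "password": "old-pw", "twofa": True},
}
RESET_TOKENS = {}          # outstanding reset links: token -> username
DEMO_OTP = "123456"        # constructed one-time code standing in for a real 2FA check
ATTACKER = "attacker@evil.example"


class Outbox:
    """Stand-in for the mail gateway; records (recipient, token) pairs."""
    def __init__(self):
        self.sent = []

    def send(self, recipient, token):
        self.sent.append((recipient, token))


def _normalize(addr):
    return addr.strip().lower()


def _issue_token(username):
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[token] = username
    return token


def vulnerable_request_reset(username, provided_email, outbox):
    """Models the flaw as described: the supplied address becomes the delivery
    address without being compared to the address on file."""
    if username not in ACCOUNTS:
        return "unknown account"
    outbox.send(provided_email, _issue_token(username))   # BUG: requester chooses the recipient
    return "reset link sent"


def hardened_request_reset(username, provided_email, outbox):
    """Mints a link only if the supplied address matches the one on file, delivers
    it to the address on file, and answers uniformly so the response reveals
    nothing about whether the account or address exists."""
    acct = ACCOUNTS.get(username)
    if acct is not None and hmac.compare_digest(
        _normalize(acct["email"]).encode(), _normalize(provided_email).encode()
    ):
        outbox.send(acct["email"], _issue_token(username))
    return "if the details match an account, a reset link has been sent"


def complete_reset(token, new_password):
    """Consumes a reset token; unknown or revoked tokens are rejected."""
    username = RESET_TOKENS.pop(token, None)
    if username is None:
        return False
    ACCOUNTS[username]["password"] = new_password
    return True


def login(username, password, otp=None):
    """A password alone suffices only when 2FA is off, which is why only
    accounts without 2FA were taken over."""
    acct = ACCOUNTS.get(username)
    if acct is None or not hmac.compare_digest(acct["password"].encode(), password.encode()):
        return False
    if acct["twofa"] and otp != DEMO_OTP:
        return False
    return True


def invalidate_all_reset_tokens():
    """Containment step from the article: revoke every outstanding reset link."""
    count = len(RESET_TOKENS)
    RESET_TOKENS.clear()
    return count


def attacker_run(request_reset):
    """Replays the takeover against one reset implementation. Returns, per
    target, whether the attacker ends up logged in with the new password."""
    results = {}
    for target in ("victim", "protected"):
        outbox = Outbox()
        request_reset(target, ATTACKER, outbox)
        mine = [tok for (to, tok) in outbox.sent if to == ATTACKER]   # only the attacker's inbox
        results[target] = bool(mine) and complete_reset(mine[0], "pwned") and login(target, "pwned")
    return results


if __name__ == "__main__":
    print("vulnerable:", attacker_run(vulnerable_request_reset))   # {'victim': True, 'protected': False}
    print("hardened:  ", attacker_run(hardened_request_reset))     # {'victim': False, 'protected': False}
```

Two design choices are worth noting. Delivering to the address on file even after the match succeeds means a later regression in the comparison cannot by itself redirect the link, and the uniform response string keeps the endpoint from doubling as an account-enumeration oracle. Neither replaces rate limiting or the geo-anomaly checks the attackers reportedly evaded with VPNs, but the match-then-deliver-on-file pattern is the check whose absence turned a support tool into a deputy acting for the attacker.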
Chronology of the Breach
The first unauthorized access occurred on April 17, 2026. Meta did not internally discover the security flaw until May 31, 2026, meaning the vulnerability remained active for roughly seven weeks.

Upon discovering the bug, Meta disabled the HTS tool, invalidated all active password reset links generated by the system, and mandated additional security checks for the affected accounts. The company filed formal data breach notifications with the Attorneys General of Maine and Vermont on June 5, 2026.
In its filing with Maine's Office of the Attorney General, Meta disclosed, "We are writing to inform you that a vulnerability in an Instagram account recovery support tool was used to potentially compromise the Instagram accounts of 30 users in your jurisdiction. All accounts have been secured to prevent any continued unauthorized access."
Data Exposed and Meta’s Mitigation
While Meta has stated there is no direct evidence indicating exactly what data was accessed, anyone holding a reset password could have read everything the account exposes: direct messages, contact information (both phone numbers and emails), dates of birth, photos, videos, stories, account activity logs, and linked third-party services. Meta stated that, as soon as practical, it intends to notify potentially impacted users of the incident, recommend that they review their security settings, and advise them to enable two-factor authentication; affected users are scheduled to begin receiving those electronic notifications on June 19, 2026.

This security incident coincided with unverified reports of a separate Instagram glitch on June 6, 2026, which allegedly leaked contact details for prominent individuals, including Meta CEO Mark Zuckerberg. Meta has not linked that alleged glitch to the HTS security issue.
Broader Implications for AI in Customer Support
This breach highlights a growing tension within the tech sector. Platforms like Instagram have faced long-standing criticism for their lack of accessible, human-led customer support, which has driven companies to rapidly deploy AI conversational agents. However, automating sensitive processes like account recovery introduces severe risk when the ownership checks a human agent would perform are not enforced in the automated path: an agent that can mint password-reset links for any account is only as safe as the verification gating that capability.
Looking ahead, the incident is expected to intensify regulatory and industry scrutiny over the deployment of AI in customer-facing roles with high levels of administrative permission. As companies continue to replace human support agents with conversational AI, building robust, multi-layered identity verification systems will become a non-negotiable standard for maintaining user trust and platform security.
