Meta AI Recovery Flaw Enabled Instagram Account Takeovers at Scale
Meta disclosed that attackers exploited a flaw in its AI-assisted Instagram account recovery system, known as High Touch Support (HTS), to reset passwords for accounts they did not own. Reporting tied the abuse to earlier takeovers of high-profile and valuable accounts including the archived Obama White House profile, Jane Manchun Wong, Sephora, a senior U.S. Space Force official, and sought-after short handles such as @hey and @jowo, some of which were briefly defaced or advertised for resale on Telegram. Multiple reports said attackers used VPNs or residential proxies to appear near a victim’s usual location, then manipulated Meta’s support workflow to add an attacker-controlled email address or receive a reset link without compromising the victim’s inbox.
Meta later said the vulnerable code path failed to verify that the submitted recovery email matched the email already associated with the target account, exposing 20,225 users between roughly April 17 and the end of May; successful takeovers were generally possible when victims had not enabled two-factor authentication. The company said it discovered the exploitation on May 31, disabled the HTS tool, invalidated reset links, forced affected accounts through security checkpoints and password resets, and plans to notify impacted users while reviewing similar recovery flows across its platforms. The incident drew broader scrutiny because an AI-driven support layer was allowed to perform privileged identity and recovery actions without deterministic verification, turning customer support into an account-takeover path.
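The defect described above reduces to a single missing comparison, so it is worth seeing what a deterministic gate in front of an AI support layer looks like. The block below is an added example, not Meta's HTS code: it models the flawed path (trusting the address extracted from the conversation as the reset destination) beside a hardened path that only ever sends to the address on file, treats adding a new email as an authenticated account change rather than a recovery step, and forces a step-up when two-factor authentication is enabled. It also runs a retrospective check over constructed support-tool log records of the kind a defender would use to find resets that were issued despite a mismatch. The `Account` model, the decision names and the log field names are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Decision(Enum):
    SEND_RESET = "send_reset"                  # reset link goes to the address on file only
    REQUIRE_2FA = "require_2fa"                # step-up before any reset link is issued
    DENY_EMAIL_MISMATCH = "deny_email_mismatch"
    DENY_NO_RECOVERY_CONTACT = "deny_no_recovery_contact"
    DENY_UNAUTHENTICATED_CHANGE = "deny_unauthenticated_change"


@dataclass(frozen=True)
class Account:
    """Assumed account model: a handle, a verified recovery address already on file
    (None if the user never set one), and the 2FA flag."""
    handle: str
    recovery_email: Optional[str]
    two_factor_enabled: bool


def normalize_email(addr: str) -> str:
    """Compare addresses in canonical form so ' Owner@Example.com' equals 'owner@example.com'."""
    return addr.strip().lower()


def vulnerable_recovery(account: Account, submitted_email: str) -> Tuple[Decision, Optional[str]]:
    """Models the flawed path in the story: the address supplied through the support
    conversation is used as the reset destination and the address on file is never consulted."""
    return Decision.SEND_RESET, normalize_email(submitted_email)


def hardened_recovery(account: Account, submitted_email: str,
                      action: str = "reset_password") -> Tuple[Decision, Optional[str]]:
    """Deterministic gate the conversational layer must call; it never decides on its own.
    Returns (decision, destination). The destination is always the address on file, never
    the caller-supplied string, so a mismatch cannot redirect the link."""
    # Adding or changing a contact address is an authenticated account action, not a recovery step.
    if action != "reset_password":
        return Decision.DENY_UNAUTHENTICATED_CHANGE, None
    if not account.recovery_email:
        return Decision.DENY_NO_RECOVERY_CONTACT, None
    if normalize_email(submitted_email) != normalize_email(account.recovery_email):
        return Decision.DENY_EMAIL_MISMATCH, None
    if account.two_factor_enabled:
        return Decision.REQUIRE_2FA, None
    return Decision.SEND_RESET, normalize_email(account.recovery_email)


# Constructed support-tool log records (not real data); handles and field names are assumptions.
SAMPLE_HTS_LOG = [
    {"ts": "2026-05-30T10:02:11Z", "handle": "@example_brand",
     "submitted_email": "owner@example-brand.com", "on_file_email": "owner@example-brand.com",
     "decision": "send_reset"},
    {"ts": "2026-05-30T10:15:47Z", "handle": "@short",
     "submitted_email": "reseller@example.net", "on_file_email": "founder@example.org",
     "decision": "send_reset"},
    {"ts": "2026-05-30T11:40:03Z", "handle": "@archive_account",
     "submitted_email": "takeover@example.net", "on_file_email": "press@example.gov",
     "decision": "send_reset"},
    {"ts": "2026-05-30T12:01:19Z", "handle": "@protected_user",
     "submitted_email": "me@example.com", "on_file_email": "me@example.com",
     "decision": "require_2fa"},
]


def find_mismatched_resets(records) -> List[str]:
    """Flag every reset link issued although the submitted address did not match the
    address on file: the records a defender would invalidate and route to a checkpoint."""
    flagged = []
    for r in records:
        if r["decision"] != "send_reset":
            continue
        if normalize_email(r["submitted_email"]) != normalize_email(r["on_file_email"]):
            flagged.append(r["handle"])
    return flagged


if __name__ == "__main__":
    acct = Account("@example_brand", "owner@example-brand.com", False)
    print("flawed path:  ", vulnerable_recovery(acct, "attacker@example.net"))
    print("hardened path:", hardened_recovery(acct, "attacker@example.net"))
    print("resets to review:", find_mismatched_resets(SAMPLE_HTS_LOG))
```

The design point is that the hardened gate treats the assistant's output as an untrusted claim to be checked against state the attacker cannot influence, and that the reset destination is derived from that state rather than from the request; the log check is the same comparison applied after the fact, which is how the 20,225-account scope in the story would be enumerated and the outstanding links invalidated.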

How this story unfolded
9 events from the most recent confirmed update back to the earliest known activity.
Meta schedules notifications to affected users
Meta said it plans to notify impacted users on 2026-06-19 about the Instagram recovery incident. The notice would require password resets and re-authentication before access is restored through verified channels.
Meta discloses 20,225 Instagram accounts were exposed
Meta disclosed in filings reported on June 8 that a validation flaw in its AI-assisted High Touch Support recovery tool exposed 20,225 Instagram accounts to unauthorized password resets and possible takeover when two-factor authentication was not enabled. The company said it does not know exactly what data attackers accessed but warned that profile data, messages, account activity, and linked-service information may have been viewed.
Meta disables HTS and secures affected accounts
After discovering the flaw, Meta disabled the High Touch Support tool, invalidated reset links generated through the vulnerable path, and placed affected accounts behind mandatory security checkpoints. The company also required password resets and re-authentication and said it would review similar recovery flows across its platforms.
Meta fixes the AI support account-takeover issue
Meta said it fixed the Instagram AI support flaw after reports surfaced, with Andy Stone stating on Monday that the issue had been resolved and affected accounts were being secured. Multiple reports describe the remediation as an emergency patch or hotfix to stop the abusive recovery flow.
Reports surface of notable Instagram account hijackings
By the end of May and start of June, multiple reports described takeovers of high-profile Instagram accounts including the Obama White House archive, Jane Manchun Wong, Sephora, and a senior U.S. Space Force official. Some compromised accounts were briefly defaced with pro-Iranian imagery, and stolen short-handle accounts were reportedly offered for resale on Telegram.
Meta expands AI support to Facebook and Instagram
Meta announced in March that AI support would be expanded across Facebook and Instagram, including functions such as password resets and account security recovery. Another report says Meta began using the AI support assistant for customer service in March.
Meta discovers exploitation of the HTS recovery flaw
Meta said it discovered the issue on 2026-05-31 after the vulnerable recovery path had been exploited in the wild. The company determined that the flaw affected Instagram account recovery by failing to validate that the submitted recovery email matched the account on file.
Telegram videos and instructions publicize the takeover method
Telegram channels circulated instructions and a demonstration video showing how attackers could use Meta's AI support workflow to add a new email address and reset a victim's password. One report explicitly anchors these posts and videos to May 31.
Attackers begin exploiting Instagram recovery flaw
Meta later disclosed that exploitation of the vulnerable AI-assisted High Touch Support recovery flow began on 2026-04-17. The flaw let password reset links be sent to email addresses not associated with the targeted Instagram accounts.
Sources
AI Security Incident Case: Account Takeover Due to Meta AI Support Assistant Authorization Flaw - NSFOCUS
nsfocusglobal.com
Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts
techrepublic.com
Meta Admits Its ‘AI’ Helped Hackers Compromise 20,000 Instagram Accounts | Techdirt
techdirt.com
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse
hackread.com
Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked
404media.co
Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access | TechCrunch
techcrunch.com
Meta AI Support Bot Helped Hackers Hijack Instagram Accounts - MacRumors
macrumors.com
Meta's Own AI Chatbot to Blame for Instagram Accounts Being Stolen in Seconds
fortra.com