Security vulnerability in Meta’s AI-driven account recovery system allowed attackers to bypass protections and compromise premium Instagram accounts, including a former White House handle linked to Barack Obama.
WASHINGTON: Meta, the parent company of Facebook, Instagram, and WhatsApp, has confirmed it has fixed a major security vulnerability in its artificial intelligence-based support system that enabled hackers to take over high-value Instagram accounts.
Andy Stone, a Meta communications official, said on social media platform X that the issue has been resolved and affected accounts are being secured.
“This issue has been resolved and we are securing impacted accounts,” he said.
How the AI Support System Was Exploited
The flaw reportedly allowed attackers to manipulate Meta’s AI-powered account recovery assistant, which was introduced globally to streamline technical support and password recovery.
According to cybersecurity reports, hackers were able to:
- Use VPN tools to match the victim’s geographic location
- Trigger password reset requests
- Open chats with the AI support assistant
- Redirect account recovery emails to attacker-controlled addresses
- Obtain an 8-digit verification code
- Reset passwords and lock out legitimate users
The exploit effectively bypassed traditional safeguards without requiring access to users’ phone numbers or email accounts.
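The steps above depend on the support assistant getting a recovery code sent to an address the account owner never verified. As an added example (not Meta's code and not taken from the reports), this shows one way a recovery backend could refuse that by treating the destination requested through the assistant as untrusted input; the function names, the tool-argument shape and the 7-day cooling-off window are assumptions.

```python
from dataclasses import dataclass, field
import time

COOLING_OFF_SECONDS = 7 * 24 * 3600  # assumed policy: new contacts wait 7 days


class RecoveryDenied(Exception):
    """Raised when a requested code destination fails policy."""


@dataclass
class Account:
    handle: str
    # contact address -> unix time the owner verified it (hypothetical schema)
    verified_contacts: dict = field(default_factory=dict)


def normalize(addr: str) -> str:
    return addr.strip().lower()


def authorize_code_delivery(account, requested_destination, now=None):
    """Return the on-file address a code may go to, or raise RecoveryDenied."""
    now = time.time() if now is None else now
    dest = normalize(requested_destination)
    on_file = {normalize(a): t for a, t in account.verified_contacts.items()}
    verified_at = on_file.get(dest)
    if verified_at is None:
        # The assistant may not introduce a new destination during recovery.
        raise RecoveryDenied("destination is not a verified contact on this account")
    if now - verified_at < COOLING_OFF_SECONDS:
        raise RecoveryDenied("contact was added too recently to be used for recovery")
    return dest


def handle_assistant_tool_call(account, tool_args, now=None):
    """Backend entry point: the assistant's arguments never bypass the policy."""
    try:
        dest = authorize_code_delivery(account, tool_args.get("email", ""), now)
    except RecoveryDenied as exc:
        return {"sent": False, "reason": str(exc), "escalate_to_human": True}
    return {"sent": True, "destination": dest}


# Constructed sample data, not real accounts or addresses.
SAMPLE_NOW = 1_700_000_000
SAMPLE_ACCOUNT = Account("example_handle", {
    "owner@example.com": SAMPLE_NOW - 400 * 86400,  # long-standing contact
    "new@example.net": SAMPLE_NOW - 3600,           # added one hour ago
})
```

The check runs in the backend that actually sends the code, so no conversation with the assistant can change its outcome.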
High-Profile Accounts Among Victims
The breach reportedly affected several prominent accounts over the weekend, including:
- A dormant White House Instagram account associated with former US President Barack Obama
- Global cosmetics retailer Sephora
- US Space Force Chief Master Sergeant John Bentivegna
The compromised Obama-linked account, inactive since 2017, was briefly defaced with pro-Iranian content before Meta intervened and regained control.
Discovery and Spread of the Exploit
Reports indicate that details of the vulnerability were initially circulated in Telegram groups before being publicly exposed on social media platform X, raising concerns over how quickly cyber exploits can spread once discovered.
The incident highlights growing risks associated with the integration of artificial intelligence into customer support and account recovery systems.
Meta Under Pressure Over AI Security
The breach adds to scrutiny over Meta’s rapid rollout of AI tools across its platforms, particularly as automated systems take on sensitive roles such as identity verification and account recovery.
Cybersecurity experts warn that AI-driven support systems may become attractive targets for attackers if not properly hardened against social engineering and procedural manipulation.