Hackers likely hijacked over 20,000 Instagram accounts with Meta’s AI chatbot – The Verge

Meta blames a bug for an exploit that allowed hackers to ask its AI support bot to link a victim’s account with their own email.
By Emma Roth
Hackers likely took over 20,225 Instagram accounts using Meta’s AI support chatbot, the company confirmed in a notice filed with the state of Maine. In the notice, spotted earlier by Bleeping Computer, Meta blames a “bug” for the exploit that allowed attackers to hijack accounts without two-factor authentication simply by asking the chatbot for a password reset:
“The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account. As a result, when an individual provided an email address not previously associated with the account, the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request. This allowed unauthorized third parties to receive a password reset link for accounts they did not own.”
Meta says the attack first surfaced on May 31st, with Meta communications head Andy Stone saying the company “resolved” the incident on June 1st. During this time, several high-profile Instagram accounts were impacted, including former President Barack Obama’s old White House account, US Space Force Chief Master Sergeant John F. Bentivegna, and Sephora. In the notice, Meta adds that it’s “unaware” of whether any personal data was accessed as a result of the exploit, but notes that account hijackers could’ve obtained email addresses, phone numbers, birthdates, social media posts, direct messages, profile information, account activity, and connected accounts.
The notice says 30 of the impacted users lived in Maine. The number refers to “users who had their passwords reset through the support tool, did not have 2FA enabled on their account and whose Instagram accounts were likely accessed by an unauthorized party” — though Meta says it’s an “upper bound,” as some of these accounts may have been accessed legitimately.
The company notes that it disabled its AI support tool and removed the buggy code path, while invalidating any password reset links generated using the exploit. It also enrolled all potentially impacted accounts “into a mandatory security checkpoint requiring authentication before any account access.”
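The missing check that Meta's notice describes, shown as an added example that is not Meta's code and not part of the original article: a password-reset handler that delivers the link only to the address already on record and rejects any other address. The account store, function names, URLs and sample data are hypothetical.

```python
import hmac
import secrets

# Constructed sample data: username -> email address on record.
ACCOUNTS = {"alice": "alice@example.com"}

# (recipient, link) pairs; stands in for a real mail service.
OUTBOX = []


def _normalize(email: str) -> str:
    # Compare addresses without regard to case or stray whitespace.
    return email.strip().casefold()


def _send_reset_link(recipient: str) -> None:
    token = secrets.token_urlsafe(32)
    OUTBOX.append((recipient, f"https://example.com/reset?token={token}"))


def request_reset_vulnerable(username: str, supplied_email: str) -> bool:
    """Behaviour described in the notice: the link goes to whatever
    address the requester supplies, with no comparison to the record."""
    if username not in ACCOUNTS:
        return False
    _send_reset_link(supplied_email)
    return True


def request_reset_hardened(username: str, supplied_email: str) -> bool:
    """Reject unless the supplied address matches the one on record, and
    deliver to the stored address, never to requester-controlled input."""
    on_record = ACCOUNTS.get(username)
    if on_record is None:
        return False
    supplied = _normalize(supplied_email).encode()
    if not hmac.compare_digest(supplied, _normalize(on_record).encode()):
        return False
    _send_reset_link(on_record)
    return True
```

The caller should show the requester the same response whether the function returns True or False, so the reply does not reveal which addresses belong to which accounts.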