Researchers report Meta AI support bot changed Instagram recovery emails without identity checks
Hacker News and social posts described a flaw in Meta’s AI-powered Instagram recovery flow that could link attacker-controlled emails without strong verification. The incident shows why high-privilege support agents need strict identity checks before they can touch account recovery.

TL;DR
- According to the HN-linked summary, attackers could get Meta's Instagram recovery bot to attach an attacker-controlled email to a target account, then use the verification code sent to that email to reset the password.
- Krebs on Security reported that takeover instructions spread in Telegram channels on May 31, while WesRoth's report said the affected accounts included the Obama White House, Space Force, and Sephora handles.
- The core failure was a high-privilege support agent inside account recovery without hard identity checks, a design problem that the main HN thread framed as a zero-auth reset path and SecurityWeek described as a confused deputy bug.
- Meta said the issue was fixed, with BBC's report quoting spokesperson Andy Stone saying, "This issue has been resolved and we are securing impacted accounts," even as HN commenters were still discussing possible exploit variants.
You can watch the demo video, read Sid's blunt takeover writeup, and skim the 2,000-plus point Hacker News thread. The weirdest detail is how little the attack needed: the HN-linked summary says a username, location spoofing, and a chat with the support bot were enough to start the recovery flow.
Recovery flow
The reported chain was short. Sid's writeup says attackers spoofed their location with a VPN, opened a chat with Meta's support assistant, asked it to link a new email to the target username, then used the code sent to that new email to complete a password reset.
The HN-linked summary describes the same sequence and adds the crucial detail: the bot allegedly linked the new email without verifying that the requester already controlled the account.
Verification gaps
The HN thread, titled "The newest Instagram “exploit” is the goofiest I've seen", reached 2.2k upvotes and 484 comments.
The story moved fast enough that early explanations split. Gergely Orosz's first post argued selfie verification had become useless in the age of generated media, but his follow-up said the bigger issue was simpler: the check reportedly did not run at all.
That matches where the technical discussion settled. In the discussion summary, commenters called it a "zero auth" reset path, argued 2FA could be bypassed if recovery could disable or step around it, and focused on the decision to let an AI support flow touch email changes and recovery state at all.
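To make the design point concrete, here is a constructed Python model of the chain described under "Recovery flow" and of the fix the HN discussion argued for. This is an added example, not Meta's code and not anything from Sid's writeup or the HN thread; the account structure, the `Request` fields, the mailbox dictionary and the step-up "challenge" are all assumptions. The vulnerable dispatcher acts on whatever username is typed into the chat; the hardened one treats the bot as a deputy and refuses unless the requester is already authenticated as that account and has proven control of an existing recovery channel.

```python
"""
Constructed model of a support bot that can link recovery emails.
Added illustration only; account state, dispatcher and challenge step
are invented for the example and are not Meta's implementation.
"""
from dataclasses import dataclass, field
from typing import Optional, Set
import secrets


@dataclass
class Account:
    username: str
    recovery_emails: Set[str] = field(default_factory=set)
    two_factor: bool = False
    password_hash: str = "original"


@dataclass
class Request:
    """What the support bot knows about the person in the chat."""
    claimed_username: str                 # typed into the chat, unverified
    authenticated_user: Optional[str]     # session-bound identity, or None
    challenge_passed: bool = False        # proof of control of an existing channel (assumed step)


class RecoveryService:
    def __init__(self, accounts):
        self.accounts = {a.username: a for a in accounts}
        self.codes = {}  # email -> last code "sent" to it (constructed mailbox)

    # Vulnerable dispatcher: the bot links any email to any claimed username.
    def link_email_unchecked(self, req, new_email):
        self.accounts[req.claimed_username].recovery_emails.add(new_email)
        return True

    # Hardened dispatcher: authority comes from the account holder, not the bot.
    def link_email_checked(self, req, new_email):
        if req.authenticated_user != req.claimed_username:
            return False  # caller is not logged in as the target account
        if not req.challenge_passed:
            return False  # no proof via an existing recovery channel
        self.accounts[req.claimed_username].recovery_emails.add(new_email)
        return True

    # Reset path: trusts any linked email, and never consults two_factor.
    # That is the "recovery steps around 2FA" concern in the discussion.
    def send_reset_code(self, username, email):
        if email not in self.accounts[username].recovery_emails:
            return False
        self.codes[email] = secrets.token_hex(4)
        return True

    def reset_password(self, username, email, code, new_hash):
        acct = self.accounts[username]
        if email in acct.recovery_emails and self.codes.get(email) == code:
            acct.password_hash = new_hash
            return True
        return False


def attacker_takeover(link_method):
    """Run the reported chain against one dispatcher; True if the attacker resets the password."""
    svc = RecoveryService([Account("target", {"owner@example.com"}, two_factor=True)])
    # Attacker knows only the username and has no session for it.
    req = Request(claimed_username="target", authenticated_user=None)
    attacker_email = "attacker@example.net"
    if not getattr(svc, link_method)(req, attacker_email):
        return False
    svc.send_reset_code("target", attacker_email)
    code = svc.codes[attacker_email]  # attacker reads their own mailbox
    return svc.reset_password("target", attacker_email, code, "attacker-chosen")


def owner_links_email():
    """Legitimate owner, logged in and past the challenge, still succeeds on the hardened path."""
    svc = RecoveryService([Account("target", {"owner@example.com"})])
    req = Request(claimed_username="target", authenticated_user="target", challenge_passed=True)
    return svc.link_email_checked(req, "owner-backup@example.com")


if __name__ == "__main__":
    print("unchecked dispatcher, takeover:", attacker_takeover("link_email_unchecked"))
    print("checked dispatcher, takeover:  ", attacker_takeover("link_email_checked"))
    print("owner on checked dispatcher:   ", owner_links_email())
```

The point of the model is where the check lives: the reset step is identical in both runs, so verifying the code sent to the new email proves nothing if linking that email was never gated on control of the account. Whatever channel a real system uses for the step-up challenge, the gate belongs on the link operation, before the bot is allowed to call it.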
Patch and fallout
Meta did not publish a detailed postmortem in the reporting window, but BBC's report says Andy Stone posted that the issue had been resolved and that impacted accounts were being secured. The same BBC report says Stone separately called claims about world leaders being hacked "totally false," which leaves a narrower confirmed set of impacted accounts than some viral posts suggested.
The mess after takeover was its own failure mode. WesRoth's report said victims struggled to reach a human once accounts were stolen, while BleepingComputer reported users getting stuck in AI support loops during recovery.