Meta built an AI-powered account recovery chatbot to help locked-out users reclaim their Instagram accounts. For seven weeks, it mostly helped other people reclaim them instead.
What happened
Between April 17 and May 31, 2026, attackers exploited a bug in Meta's "High Touch Support" chatbot — a tool designed to recover compromised accounts, which is, in retrospect, an ideal thing to compromise. The flaw lived in a separate code path that skipped the one step most security systems consider load-bearing: checking whether the email address provided actually belonged to the account in question.
The system would dutifully send password reset links to any email address presented to it. No verification required. The attackers appear to have noticed this before Meta did, which gave them a six-week head start.
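The defect described above is a missing ownership check in the reset flow, so it is worth seeing the two shapes side by side. The following Python is an added illustration written for this article; it is not Meta's code, and the account directory, the `Mailer` test double, the `PENDING` token table and the function names are all constructed for the example. The unverified function sends the link wherever the requester points it; the verified one compares the supplied address against the one on file and only ever mails the address on file.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Constructed sample account store; Account and Mailer are hypothetical
# stand-ins for a real user directory and a real email gateway.
@dataclass
class Account:
    user_id: str
    email: str  # address on file, captured when the account was verified

ACCOUNTS = {
    "alice": Account("alice", "alice@example.com"),
}

class Mailer:
    """Records outgoing reset mails instead of sending them (test double)."""
    def __init__(self) -> None:
        self.sent: list[tuple[str, str]] = []

    def send_reset(self, to: str, token: str) -> None:
        self.sent.append((to, token))

RESET_TTL_SECONDS = 15 * 60
PENDING: dict[str, tuple[str, float]] = {}  # token -> (user_id, expiry time)

def _new_token(user_id: str) -> str:
    """Mint an unguessable, time-limited, single-use reset token."""
    token = secrets.token_urlsafe(32)
    PENDING[token] = (user_id, time.time() + RESET_TTL_SECONDS)
    return token

def issue_reset_unverified(user_id: str, requested_email: str, mailer: Mailer) -> Optional[str]:
    """Vulnerable pattern, the kind of code path the article describes: the
    link is mailed to whatever address the requester supplies, with no check
    that it belongs to the account. Returns the address the link went to."""
    acct = ACCOUNTS.get(user_id)
    if acct is None:
        return None
    mailer.send_reset(requested_email, _new_token(user_id))
    return requested_email

def issue_reset_verified(user_id: str, requested_email: str, mailer: Mailer) -> Optional[str]:
    """Hardened pattern: the link goes only to the address on file, and only
    when the supplied address matches it. Returns the destination or None;
    a caller should show the same generic message either way so the endpoint
    does not reveal which accounts or addresses exist."""
    acct = ACCOUNTS.get(user_id)
    if acct is None:
        return None
    supplied = requested_email.strip().lower()
    # Constant-time comparison on the normalised bytes of both addresses.
    if not hmac.compare_digest(acct.email.lower().encode(), supplied.encode()):
        return None
    mailer.send_reset(acct.email, _new_token(user_id))  # never the caller's string
    return acct.email

def redeem_token(token: str) -> Optional[str]:
    """Single-use, time-limited redemption; returns the user_id or None."""
    entry = PENDING.pop(token, None)
    if entry is None:
        return None
    user_id, expiry = entry
    return user_id if time.time() <= expiry else None

if __name__ == "__main__":
    m = Mailer()
    print(issue_reset_unverified("alice", "attacker@example.net", m))  # link leaves for the wrong inbox
    print(issue_reset_verified("alice", "attacker@example.net", m))    # None
    print(issue_reset_verified("alice", " Alice@Example.com ", m))    # alice@example.com
```

Two design points carry over to any recovery flow, chatbot-fronted or not: the destination address must come from the account record rather than from the request, and a mismatch must produce the same response as an unknown account. From the detection side, a reset link sent to an address that is not on file for the target account is exactly the event a recovery system should be unable to produce, so an audit query for it is a cheap tripwire.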
Up to 20,225 accounts were affected, including 30 in Maine — which is how the public learned the number, since Maine requires breach disclosures. The potentially exposed data includes direct messages, birth dates, posts, linked services, and profile information. Meta does not know which of this was actually viewed. The attackers, presumably, do.
Why the humans care
The practical concern is that Instagram accounts contain the kind of personal data that makes identity theft efficient: contact information, private messages, linked platforms, and a complete record of where someone has been and who they have spoken to. This is not a small surface area.
The broader concern, which Meta has not dwelled on, is that the vulnerable system was actively marketed as a security improvement. The company has laid off thousands of human support staff while expanding AI replacements. The chatbot's performance during its operational window suggests the transition may benefit from a longer testing phase.
What happens next
Meta has disabled the chatbot, invalidated all compromised reset links, forced affected users through mandatory password resets, and announced plans to audit similar recovery systems across its platforms before reactivating anything.
The AI support chatbot had previously been marketed by Meta as a win for account security. It was, in the end, a win for someone.