Today, we look at the Meta AI Instagram hack, where the password thief didn't need your password.
Only manners.
Coffee at the ready…
The Big Sip

The Meta AI Instagram hack worked because the bot did exactly what Meta built it to do.
Over the weekend, attackers asked the AI support assistant to swap the email on accounts they did not own. It complied, allowing them to reset passwords and seize handles such as the old Obama White House page and Sephora.
Watch whether regulators treat this as a bug or a design choice.
Turns out "solutions, not just suggestions" was a threat, not a slogan.
Here’s Your Brew

The method was almost insultingly simple.
Spoof your location with a VPN to match the target's region. Start a password reset. Then ask the AI to switch the email to one you control.
The bot did not ask for a password or a real identity check.
Meta gave this assistant the power to relink emails and reset logins, then pointed it at strangers.
Security researchers call this "excessive agency": an AI handed dangerous permissions without a hard checkpoint. Account takeover is an old crime.
What's new is the bouncer waving anyone past the rope.
Meta sold this tool as account-takeover defence, claiming AI could spot a suspicious new login and step in.
Instead, it became the attacker's fastest route in. Some victims could not even reach a human to recover their accounts.
The exploit reportedly failed against accounts with two-factor authentication switched on.
Even a basic SMS code blocked it. Meta says it has patched the flow.
Stolen handles were already listed on Telegram within hours.
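To make the "hard checkpoint" concrete, here is a toy tool-call gate for a support assistant, added as an illustration and not Meta's code (the tool names, the Session fields and the "mfa" label are assumptions). The weak dispatcher executes whatever account-security action the conversation asks for; the gated one refuses credential changes unless the session has already passed step-up verification, the kind of check the page says blocked the exploit.

```python
"""Added example (not Meta's code): gating an AI support assistant's
account-security tools behind step-up verification."""
from dataclasses import dataclass, field

# Hypothetical tool names. Anything that rewrites login credentials is
# "sensitive" and must never be executed on the strength of a chat request.
SENSITIVE_TOOLS = {"change_email", "reset_password"}


@dataclass
class Session:
    user_id: str
    # How this session proved identity: "none", "password" or "mfa".
    # A region that matches the account is deliberately NOT an identity
    # signal, so it does not appear here at all.
    verified_by: str = "none"
    audit: list = field(default_factory=list)


def excessive_agency_dispatch(session, tool, args):
    """Weak pattern: the model's tool call is executed exactly as requested.

    This is the failure mode the page describes: no password, no real
    identity check, the bot simply does what it was asked.
    """
    session.audit.append((tool, "executed"))
    return {"ok": True, "tool": tool, **args}


def gated_dispatch(session, tool, args):
    """Hardened pattern: sensitive writes need a prior step-up check.

    The policy lives outside the model, so no phrasing of the request can
    talk the assistant past it. Blocked requests are logged for review.
    """
    if tool in SENSITIVE_TOOLS and session.verified_by != "mfa":
        session.audit.append((tool, "blocked:step_up_required"))
        # Caller should trigger a 2FA challenge or hand off to a human.
        return {"ok": False, "action": "require_step_up", "tool": tool}
    session.audit.append((tool, "executed"))
    return {"ok": True, "tool": tool, **args}


if __name__ == "__main__":
    stranger = Session("victim-account", verified_by="none")
    print(excessive_agency_dispatch(stranger, "change_email", {"new_email": "x@example.com"}))
    print(gated_dispatch(stranger, "change_email", {"new_email": "x@example.com"}))
    owner = Session("victim-account", verified_by="mfa")
    print(gated_dispatch(owner, "change_email", {"new_email": "y@example.com"}))
```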
Two Sides, One Mug
Pro: Most recovery requests are real users locked out, and a queue measured in weeks does its own harm. Fast AI help is the humane default.
Con: Giving a chatbot write-access to account security with weak verification turns one clever prompt into a master key.
Our read: The convenience was real. But Meta gave a bot powers it could not police, and users paid the bill.
Receipt of the Day
[Analysis] Krebs on Security — "Hackers Used Meta's AI Support Bot to Seize Instagram Accounts"
The exploit reportedly failed against any account with multi-factor authentication, even a plain SMS code.
Why it matters: The fix many victims needed was a free toggle they never flipped.
Spit Take
Stolen Instagram handles hit Telegram markets within hours.
Extra Curricular Coffee Break Links
404 Media — Hackers Simply Asked Meta's AI for Access. It Worked. The original report, with the receipts on which accounts fell.
TechCrunch — Meta Confirms the Fix. Meta's own spokesman says the hole is closed, which tells you it was open.
CA Attorney General — 40 AGs Warned Meta in 2024. Two years before the bot, states begged Meta to fix takeovers. The reply was a chatbot.
Mugshot 📊
Would you let an AI reset your account password?
Sure, it's faster
Only with a human backstop
Not after this
For the love of coffee, see you tomorrow!
Enjoy your Tuesday, keep it caffeinated.
That's the brew for Tuesday.
Lock down your 2FA.


