Instagram Meta AI vulnerability enabling unauthorized password reset requests and account takeover attacks

A security flaw in Instagram's Meta AI account recovery tool reportedly allowed attackers to manipulate the chatbot into forwarding password reset codes without proper identity verification. The vulnerability enabled unauthorized account takeover attempts by exploiting weaknesses in the AI's account recovery logic.

Cybercriminals targeted high-value Instagram usernames, some worth significant amounts on underground marketplaces, and quickly resold compromised accounts through Telegram channels. Meta confirmed that no backend systems were breached and has since patched the issue to prevent further abuse.

The incident highlights the growing security risks associated with AI-powered support and recovery tools. Users are encouraged to enable app-based two-factor authentication (2FA), use strong unique passwords, and regularly review account security settings to reduce the risk of account compromise.

