Meta confirms 1000s of Instagram accounts were hacked by abusing its AI chatbot

Meta’s bot handed over Instagram accounts — and commenters are absolutely roasting it

TLDR: Meta says more than 20,000 Instagram accounts were hijacked after hackers tricked its AI recovery chatbot into sending password reset links to the wrong people. Commenters are roasting the company, saying this wasn’t “abuse” so much as a giant unlocked door — and a warning about trusting chatbots with sensitive accounts.

Meta says at least 20,225 Instagram users had their accounts taken over after hackers exploited the company’s AI-powered account recovery tool, and the internet’s reaction is basically: you cannot be serious. According to Meta, the chatbot was supposed to help people get back into their accounts, but instead it could be tricked into sending password reset links to a hacker’s email. In plain English: if your account didn’t have extra login protection turned on, someone could waltz in and lock you out. That hack reportedly ran from April until this week.

But the real fireworks are in the comments, where people are absolutely dragging Meta’s explanation. One user mocked the company’s claim that the tool “worked properly,” asking how a system can be called proper when it helped strangers grab other people’s accounts. Another pointed to earlier discussions of the exploit and rolled their eyes at Meta’s awkward, corporate-sounding confirmation. The harshest critics went full scorched earth, comparing it to leaving a bedroom door wide open and then blaming people for “abusing” it.

The biggest theme? Trust is in the shredder. Commenters said if a bank pulled this kind of stunt, customers would flee instantly. Others tied the mess to Meta’s bigger AI push, accusing the company of replacing human judgment with chatbot chaos while cutting staff and rewarding executives. The mood is a mix of disbelief, fury, and dark comedy: less “AI future” and more robot receptionist accidentally giving your house keys to a burglar.

Key Points

  • Meta disclosed that at least 20,225 Instagram users had accounts compromised through abuse of an AI-assisted account recovery system.
  • The vulnerability allowed attackers to cause password reset links to be sent to email addresses they controlled instead of the legitimate account email.
  • According to the article, accounts without two-factor authentication enabled were vulnerable to takeover through the flaw.
  • Meta said compromised accounts and linked accounts could expose contact information, dates of birth, profile information, posts, direct messages, and account activity.
  • Meta said the attacks began around April 17 and that it disabled the chatbot, removed the vulnerable code path, and instructed affected users to reset passwords and re-authenticate through verified channels.

Hottest takes

"worked properly" and "allowed unauthorized third parties" — Cyan488
"Meta believes that they can vibe-code their reputation down the drain" — rvz
"It’s like... people abusing an open door" — cyanydeez