Researchers warn Meta's AI Instagram support can be tricked into emailing password reset links

Posts on X and a now-removed Hacker News thread describe a prompt that convinces the AI agent to send reset links to attacker emails without identity checks; posters say takeovers are active and urge users to lock down email and 2FA.


Why it matters

Link rot across social and aggregator platforms can erase the context around launches and incidents. Founders who ship on X should mirror key posts to durable URLs so customers and press can verify claims later.

[Illustration: Digital security breach through AI-assisted social media support]

Security researchers and OSINT accounts on X are circulating a method to take over Instagram accounts by manipulating Meta's AI-powered support agent into sending password reset links to attacker-controlled email addresses. The claims originated in a now-removed Hacker News submission and were amplified by posts from @weezerOSINT, @darkrai, and @naderlow999.

https://x.com/weezerOSINT/status/2061223556994965643

According to these posts, an attacker can prompt the assistant to link a new email address to a specified username, receive a request from the AI for an 8-digit code, and then obtain a password reset link sent to the attacker-controlled email. Posters claim the flow does not enforce a selfie check and, in some cases, appears to sidestep two-factor authentication prompts.

A detailed warning by X user @naderlow999 summarizes the pattern as:

  • The attacker asks the AI assistant to link a new email for a target username, provides an email address, and is then asked for an 8-digit code.
  • A password reset link arrives at the attacker-provided email, enabling a password change and account takeover.

Additional operational notes circulating with the method include:

  • Matching the target's apparent region with a VPN may increase success rates.
  • The same email can be reused multiple times.
  • It reportedly works from a mobile device without a PC.
  • If 2FA is enabled, the flow may still present a path to bypass, depending on the prompts shown.

We are omitting the exact attacker phrasing to avoid harm. The poster of the Hacker News item also claimed the technique has already been used to hijack more than 100 high-value Instagram accounts and is being shared in Telegram channels, and urged Meta to disable the AI support feature and restore hijacked accounts and usernames.
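The design flaw the posts describe, modelled as an added Python example (this is illustrative code, not Meta's, and the account store, usernames and addresses are constructed): a recovery agent that trusts the username and destination email typed into the chat, beside a version where the reset tool has no destination parameter at all and linking an email requires an already authenticated owner session.

```python
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when a recovery action is not bound to a verified account owner."""


@dataclass
class Account:
    username: str
    verified_emails: set = field(default_factory=set)


def make_accounts() -> dict:
    # Constructed sample data: one account with a single verified address.
    return {"victim_user": Account("victim_user", {"owner@example.com"})}


# --- Flawed pattern, as described in the reports -----------------------------
def recovery_agent_unsafe(accounts, username, email_from_chat):
    """The agent acts on whatever username and email appear in the conversation:
    it links the new address with no proof of ownership, then the reset link is
    sent to every address on file, now including the one the requester supplied."""
    acct = accounts[username]
    acct.verified_emails.add(email_from_chat)
    return sorted(acct.verified_emails)


# --- Hardened pattern ----------------------------------------------------------
def link_email(accounts, session_user, username, new_email):
    """Adding a contact email is a privileged change: it requires a session that
    is already authenticated as this account's owner, never just a chat message."""
    if session_user is None or session_user != username:
        raise AuthorizationError("email change requires the authenticated owner")
    accounts[username].verified_emails.add(new_email)


def try_link(accounts, session_user, username, new_email) -> bool:
    """Return True if the link was permitted, False if it was refused."""
    try:
        link_email(accounts, session_user, username, new_email)
        return True
    except AuthorizationError:
        return False


def recovery_agent_safe(accounts, username):
    """The reset tool takes no destination parameter, so nothing said in the chat
    can redirect the link: it goes only to addresses already verified on record."""
    acct = accounts.get(username)
    if acct is None or not acct.verified_emails:
        raise AuthorizationError("no verified contact on record; escalate to manual review")
    return sorted(acct.verified_emails)
```

The point of the hardened version is that the agent's tool surface never exposes "send the link to this address"; the only way to receive a reset link is to already control a verified channel, and changing that channel is gated on authentication rather than on conversation.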

What users can do now, per the same posts and common account hygiene:

  • Enable 2FA using an authenticator app (not just SMS).
  • Do not share any 6- or 8-digit verification codes with anyone.
  • Be suspicious of any message asking you to verify your account.
  • Use Instagram recovery codes and store them securely.
  • Consider changing your account email to a private address not used elsewhere.
  • Report suspicious activity to Instagram immediately.

The status of any fix is unclear. We reached out to Meta's PR team and will update when we hear back. The original poster added that Meta did not acknowledge a prior February exposure of contact information; we have not independently verified these claims.
