Meta's Instagram AI Assistant Exploited to Bypass Two-Factor Authentication, High-Value Accounts Stolen Before Emergency Patch

Jun 02, 2026
The CyberSec Guru

Summary

A critical flaw in Meta's Instagram AI recovery assistant is being exploited to bypass two-factor authentication. Attackers hijack high-value accounts worth hundreds of thousands of dollars before Meta issues an emergency patch on Friday night, and researchers warn that the incident exposes a dangerous industry-wide pattern: AI agents granted unchecked access to privileged systems.

Key Points

  • A critical prompt injection vulnerability in Meta's AI-powered Instagram account recovery assistant allows attackers to bypass two-factor authentication entirely: they simply instruct the chatbot in natural language to reroute password reset emails to an attacker-controlled address, and no out-of-band verification is required.
  • High-value 'OG' Instagram handles worth hundreds of thousands of dollars, including @hey, @jowo, and the dormant @obamawhitehouse account, are stolen and resold on Telegram within minutes, exposing the real-world financial and reputational damage caused by granting an LLM write access to privileged account-management APIs without deterministic authentication checkpoints.
  • Meta pushes an emergency patch Friday night restricting the vulnerable AI recovery flows and states no backend database was breached, but security researchers warn the incident represents a broader industry-wide architectural failure, as many other organizations likely deploy AI agents with similarly dangerous privilege gaps that have yet to be discovered or exploited.
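The architectural point behind the third bullet, written as an added example that is not Meta's code and not from the article: a tool gateway between the language model and the account-management API, where a privileged action such as changing the recovery email runs only after a deterministic out-of-band challenge recorded in server-side session state. The tool names, session fields and challenge mechanism are constructed for illustration; whatever the model writes in its prompt or tool arguments cannot mark the session as verified.

```python
"""Added example (not Meta's code): a deterministic checkpoint between an
LLM recovery assistant and a privileged account-management API."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed policy: read-only tools may run on the model's say-so; privileged
# tools need proof the model cannot fabricate (a challenge confirmed out of band).
SAFE_TOOLS = {"lookup_account_status"}
PRIVILEGED_TOOLS = {"change_recovery_email", "send_password_reset"}


@dataclass
class Session:
    account_id: str
    # Challenge delivered to the account's existing 2FA device or verified email.
    # Constructed here; a real system sends it through that out-of-band channel.
    pending_challenge: Optional[str] = None
    verified: bool = False


def issue_challenge(session: Session) -> str:
    """Start a fresh challenge; any earlier verification is discarded."""
    session.pending_challenge = secrets.token_hex(4)
    session.verified = False
    return session.pending_challenge


def confirm_challenge(session: Session, code: str) -> bool:
    """Constant-time check; the challenge is consumed whether or not it matches."""
    expected = session.pending_challenge
    session.pending_challenge = None
    session.verified = expected is not None and hmac.compare_digest(code, expected)
    return session.verified


def gate_tool_call(session: Session, tool: str, args: dict) -> tuple:
    """Decide whether a model-requested tool call may reach the backend.
    Only server-side session state counts; args such as a model-supplied
    'user_says_verified' flag are ignored because the model controls them."""
    if tool in SAFE_TOOLS:
        return True, "read-only tool"
    if tool in PRIVILEGED_TOOLS:
        if not session.verified:
            return False, "privileged tool requires a confirmed out-of-band challenge"
        session.verified = False  # single use: every privileged action needs fresh proof
        return True, "verified"
    return False, "unknown tool"
```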
