
Meta AI Security Flaw Let Hackers Hijack Instagram Accounts

  • Writer: Covertly AI
  • 23 hours ago

Meta’s growing reliance on artificial intelligence for customer support came under scrutiny this week after hackers discovered a way to manipulate the company’s AI-powered support chatbot into granting unauthorized access to Instagram accounts. The security flaw, which has now been fixed, reportedly allowed attackers to take control of accounts without needing access to the account holder’s email address, raising broader concerns about the risks of allowing AI systems to handle sensitive security functions.


The issue came to light after users on social media platforms including Reddit and X began reporting a wave of Instagram account takeovers. Among the accounts reportedly affected were several high-profile profiles, including an Instagram account associated with the Obama-era White House, the account of U.S. Space Force Chief Master Sergeant John Bentivegna, and beauty retailer Sephora. Security researcher and former Meta employee Jane Manchun Wong also reported that her account had been compromised after her password was changed without her knowledge.


Videos and screenshots shared online demonstrated how the exploit worked. According to researchers and users who investigated the issue, attackers first used a virtual private network (VPN) to make it appear as though they were logging in from the same geographic location as the account holder. This step helped bypass some of Instagram’s automated security protections. The attackers then opened a conversation with Meta’s AI Support Assistant and requested that a new email address be linked to the targeted Instagram account.


Rather than requiring verification from the account’s original email address, the chatbot reportedly sent a verification code directly to the new email address provided by the attacker. Once the attacker entered that code into the chat, the AI assistant presented an option to reset the account password. After creating a new password, the attacker could effectively take control of the account. Researchers noted that at no point did the hacker need access to the victim’s legitimate email account, making the vulnerability particularly concerning.
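The missing check in the flow described above, as an added sketch rather than Meta's code: a recovery session that issues its one-time code either to any requested address (the reported behaviour) or only to an address already on file for the account. All names (`Account`, `RecoverySession`, `simulate`) and the example addresses are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    emails_on_file: set              # contact points verified before this session
    password: str = "old-password"


@dataclass
class RecoverySession:
    account: Account
    code: str = ""
    verified_owner: bool = False
    outbox: list = field(default_factory=list)   # (recipient, code) pairs "sent"

    def send_code(self, requested_email: str, hardened: bool) -> bool:
        """Issue a one-time code; return False if the request is refused."""
        if hardened and requested_email not in self.account.emails_on_file:
            # A requester-supplied address proves nothing about ownership.
            return False
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.outbox.append((requested_email, self.code))
        return True

    def submit_code(self, code: str) -> bool:
        # Constant-time comparison; an empty code never verifies.
        if self.code and hmac.compare_digest(code, self.code):
            self.verified_owner = True
        return self.verified_owner

    def reset_password(self, new_password: str) -> bool:
        if not self.verified_owner:
            return False
        self.account.password = new_password
        return True


def simulate(hardened: bool) -> bool:
    """Requester controls only an address NOT on file; True means takeover."""
    acct = Account("victim", {"owner@example.com"})   # constructed sample data
    session = RecoverySession(acct)
    if session.send_code("stranger@example.net", hardened):
        session.submit_code(session.outbox[-1][1])    # code read from own inbox
    return session.reset_password("new-password")
```

Enforcing the rule in the session layer rather than in the assistant's instructions means the outcome does not depend on how the conversation is worded.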



Meta confirmed the flaw and announced that it had been resolved. “This issue has been resolved, and we are securing impacted accounts,” company spokesperson Andy Stone said. Stone also disputed claims circulating online that the vulnerability had been used to compromise accounts belonging to world leaders, calling those reports inaccurate. However, reports from cybersecurity researchers and media outlets linked the exploit to several high-profile account takeovers, including the account previously used by former U.S. President Barack Obama while in office. According to reports, the account briefly posted pro-Iran content before being recovered.


The incident highlights growing concerns about the role of AI in security-sensitive processes. Earlier this year, Meta rolled out its AI support assistant across Facebook and Instagram, promoting it as a tool capable of handling requests such as reporting scams, addressing impersonation accounts, and resetting passwords. While the system was designed to streamline customer support, critics argue that granting AI systems authority over account recovery creates new opportunities for exploitation.


Cybersecurity experts described the attack as a form of “prompt injection,” a technique in which users manipulate an AI system into performing actions it should not normally allow. Aiden Sinnott, a principal threat researcher at Sophos, warned that similar attacks are likely to become more common as companies increasingly deploy AI-powered support tools without sufficient safeguards. Marijus Briedis, chief technology officer at NordVPN, echoed those concerns, arguing that account recovery is one of the most sensitive functions on any platform and should never prioritize convenience over strong identity verification.


The breach comes as Meta continues to invest heavily in artificial intelligence. Under CEO Mark Zuckerberg, the company plans to spend billions of dollars on AI infrastructure and has expanded the use of AI across its products and services. However, this latest incident serves as a reminder that while AI can improve efficiency and automate support tasks, it can also introduce new security risks when given too much authority without adequate oversight. As more organizations replace traditional customer service systems with AI-driven alternatives, the challenge will be balancing innovation with the safeguards needed to protect users and their data.


