Hackers Used Meta AI Bot to Hijack Instagram Accounts in Major Security Breach

A security vulnerability in Instagram’s AI-powered support system allowed hackers to seize control of multiple user accounts, including several high-profile profiles, by manipulating Meta’s own chatbot into resetting account credentials.

Meta confirmed that it had fixed the flaw after security researchers and users exposed the issue over the weekend.

Among the compromised accounts were the Instagram profile associated with the Obama-era White House, inactive since 2017 and the account of US Space Force Chief Master Sergeant John Bentivegna.

Reports from users on Reddit and X suggested that ordinary Instagram users were also affected.

The incident has raised fresh concerns about the growing role of artificial intelligence (AI) in handling sensitive account security functions, including password recovery and account management.

Hackers Exploited AI Support Tool to Bypass Security Checks

Hackers were able to exploit Meta’s AI Support Assistant by convincing the chatbot to add a new email address to a targeted Instagram account. Once the new email was linked, the chatbot sent a verification code directly to the attacker-controlled address, allowing the hacker to reset the account password and take control.

Videos circulating on social media and messaging platforms demonstrated the alleged attack process step by step.

In some cases, hackers reportedly used virtual private networks (VPNs) to mimic the victim’s location and avoid triggering Meta’s automated security protections.

Security researcher Jane Wong, whose Instagram account was among those affected, described the experience in a post cited by TechCrunch.

“The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” Wong said, while expressing that the situation was “quite concerning”.

Meta Moves to Secure Accounts as Questions Grow Over AI Safety

Following public disclosure of the vulnerability, Meta said it had addressed the issue and was working to protect affected users.

“This issue has been resolved, and we are securing impacted accounts,” the company said in a statement quoted by The Guardian.

The breach comes only months after Meta expanded its AI-powered customer support tools across Facebook and Instagram.

In a March announcement, the company described the assistant as “a major step in our work to deliver stronger support on our apps” and highlighted its ability to perform tasks such as reporting scams, handling account issues and resetting passwords.

While Meta has not disclosed how many accounts were compromised, cybersecurity experts say the incident highlights the risks of allowing AI systems to perform high-level security functions without sufficient safeguards.

The breach is likely to intensify scrutiny of how technology companies deploy AI in areas where mistakes can directly affect user privacy and account security.