Hackers Tricked Meta AI Into Handing Over Instagram Accounts

Manaal Khan · 3 June 2026 at 12:27 am · 5 min read

Key Takeaways

Source: Fast Company
  • Hackers exploited Meta's AI customer service to hijack 300+ Instagram accounts by tricking the chatbot into linking new email addresses
  • High-profile victims included the Obama White House, Sephora, and the U.S. Space Force
  • Meta patched the vulnerability within days, but the incident raises questions about AI-driven account security without human oversight

The Instagram account of the Obama White House sat dormant for nine years. Then, over the weekend, hackers took it over, filling the page with pro-Iranian imagery. The attackers didn't need sophisticated tools or inside access. They just asked Meta's AI chatbot nicely.

Instructions spread online showing how to trick Meta AI into transferring control of Instagram accounts. The method was simple: convince the chatbot to link a third-party email address to an existing account. Once linked, attackers could reset passwords and lock out the original owners.

300+ high-profile Instagram accounts were compromised in the attack wave, including verified accounts with enhanced security measures.

Meta spokesperson Andy Stone confirmed the breach in a statement posted to X: "This issue has been resolved and we are securing impacted accounts."

Meta's official response to the Instagram account hijacking incident.

How the Attack Worked

The exploit was surprisingly straightforward. Attackers used VPN connections with IP addresses near the target's usual location. This made the requests appear legitimate to Meta's systems.

From there, they asked the AI chatbot to link the account to a new email address. Meta AI complied, sending a one-time verification code to the attacker's email. Once verified, the attackers could reset the password and take full control.

The vulnerability emerged roughly three months after Meta delegated certain customer service functions to AI. These included handling forgotten password requests, a common but sensitive operation.

Who Got Hit

The Obama White House account grabbed headlines, but the attack reached far beyond political targets. Victims included Sephora, the beauty retailer, and the Office of the Chief Master Sergeant of the U.S. Space Force.

Security researcher Jane Wong was also affected. "The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday," Wong wrote on social media. "And I got repeatedly logged out from the IG iOS app. Quite concerning."

Security researcher Jane Wong describes her experience being locked out of her account.

One user who claimed to have multiple accounts compromised put it bluntly: "These aren't some random new accounts. These are verified, locked down accounts and they still got compromised."

The Human-in-the-Loop Problem

The incident exposes a fundamental tension in AI-powered customer service. Automation makes support faster and cheaper. But sensitive operations like account recovery create obvious attack surfaces when no human reviews the request.

The whole thing just highlighted how stupid it is to automate account security without any human in the loop. One AI fooling another AI while there's literally no person anywhere to catch it.

— Affected user

Security researchers call this type of attack "prompt injection." Attackers craft requests that exploit logical gaps in how AI systems interpret instructions. The Meta AI assistant apparently lacked sufficient safeguards to distinguish legitimate account recovery from social engineering.

Discussions on Hacker News and r/netsec focused on what observers called "automated trust." Many argued that sensitive account actions should always require human verification, regardless of how convincing the request appears to an AI.

A Growing Trend

This wasn't an isolated incident. AI-led social engineering attacks targeting enterprise social media accounts have increased an estimated 50% throughout 2026. As companies rush to deploy AI customer service tools, attackers are finding creative ways to exploit them.

Meta patched the vulnerability quickly. But as one affected user noted: "Now, thankfully, it's patched but I don't think it will be the last one."

Logicity's Take

What Organizations Should Do

  • Audit AI customer service workflows for sensitive operations like password resets and account recovery
  • Require human approval for any request that changes account ownership or primary credentials
  • Monitor for unusual login patterns, especially VPN traffic from unexpected locations
  • Enable all available multi-factor authentication options on high-value accounts
  • Maintain direct contact channels with platform support teams for verified business accounts
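
One way to enforce the human-approval recommendation above, and to close the gap described under "How the Attack Worked" where the one-time code went to the address being added. This is an added example, not Meta's code; the tool names, field names and sample data are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Decision(Enum):
    ALLOW = "allow"
    NEEDS_HUMAN = "needs_human"
    DENY = "deny"

# Hypothetical tool names for actions that change ownership or primary credentials.
SENSITIVE_ACTIONS = {"link_email", "reset_password", "remove_mfa"}

@dataclass(frozen=True)
class Account:
    account_id: str
    contacts_on_file: frozenset  # addresses verified before this support session

@dataclass(frozen=True)
class ToolCall:
    action: str
    account_id: str
    new_email: Optional[str] = None
    code_confirmed_at: Optional[str] = None  # where the one-time code was delivered
    human_approver: Optional[str] = None     # set by the review queue, never by the model

def authorize(call: ToolCall, account: Account):
    """Decide on a tool call the assistant proposes. Chat text and IP location
    are deliberately not inputs: neither proves ownership of the account."""
    if call.account_id != account.account_id:
        return Decision.DENY, "account mismatch"
    if call.action not in SENSITIVE_ACTIONS:
        return Decision.ALLOW, "non-sensitive action"
    # A code confirmed at the address being added proves control of that
    # address only, so it cannot authorize linking it.
    if call.code_confirmed_at not in account.contacts_on_file:
        return Decision.DENY, "code must be confirmed at a contact already on file"
    if call.human_approver is None:
        return Decision.NEEDS_HUMAN, "credential change queued for human review"
    return Decision.ALLOW, "approved by " + call.human_approver

# Constructed sample data.
ACCOUNT = Account("acct-1", frozenset({"owner@example.com"}))
CALLS = [
    ToolCall("link_email", "acct-1", "new@example.net", code_confirmed_at="new@example.net"),
    ToolCall("link_email", "acct-1", "new@example.net", code_confirmed_at="owner@example.com"),
    ToolCall("link_email", "acct-1", "new@example.net", "owner@example.com", "agent-42"),
    ToolCall("get_help_article", "acct-1"),
]
```

The gate sits between the assistant and the account backend, so a persuasive conversation can at most produce a queued request, never a completed credential change.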

Frequently Asked Questions

How did hackers take over Instagram accounts using Meta AI?

Attackers asked Meta's AI customer service chatbot to link new email addresses to existing accounts. The AI complied without sufficient verification, allowing hackers to reset passwords and take control.

Which Instagram accounts were affected by the Meta AI hack?

Over 300 accounts were compromised, including the Obama White House, Sephora, the U.S. Space Force, and security researcher Jane Wong.

Has Meta fixed the Instagram account vulnerability?

Yes. Meta spokesperson Andy Stone confirmed the issue has been resolved and affected accounts are being secured.

What is a prompt injection attack?

A prompt injection attack tricks an AI system into performing unintended actions by crafting requests that exploit logical gaps in how the AI interprets instructions.

How can I protect my Instagram account from similar attacks?

Enable all available multi-factor authentication options, use a unique email address for your Instagram account, and monitor for unexpected password reset notifications.

Source: Fast Company / Chris Morris

Manaal Khan

Tech & Innovation Writer
