Hackers Tricked Meta's AI Chatbot to Steal Instagram Accounts

Key Takeaways

- Hackers exploited Meta's AI support chatbot to reset passwords and steal Instagram accounts without accessing victims' email
- High-profile accounts including the Obama White House and U.S. Space Force's chief master sergeant were compromised
- Meta says the vulnerability has been fixed, but the company hasn't disclosed how many accounts were affected
The Attack Method
Over the weekend, Instagram users reported a wave of account takeovers that exploited a surprising weak point: Meta's own AI customer support assistant. The attack allowed hackers to reset passwords and link new email addresses to victims' accounts, all without ever compromising the original email.
A video posted on X showed the step-by-step process. The attacker used a VPN to spoof the target's location, avoiding Instagram's automated security protections. Then they opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target's account.
The chatbot sent a verification code to the attacker's email. The hacker shared that code back with the chatbot, which prompted a "Reset Password" button. New password entered. Account stolen. TechCrunch verified that the hacker's public email mailbox did receive the verification code shown in the video.
"The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday," said security researcher Jane Wong, whose account was among those hijacked. "Quite concerning."
High-Profile Victims
The compromised accounts included the Instagram handle for the Obama-era White House, which had been inactive since 2017, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna. Wong's account rounded out the confirmed high-profile targets.
The attack targeted accounts with valuable usernames. Short, original "OG" handles can fetch over $500,000 on black markets. Inactive legacy accounts like the Obama White House are prime targets because owners are less likely to notice unauthorized access quickly.
Meta's Response
Instagram spokesperson Andy Stone said Monday that the issue was fixed. Meta did not respond to requests for comment on how many accounts were improperly accessed. The company also hasn't explained why its AI assistant was able to bypass standard verification protocols.
The vulnerability raises questions about Meta's deployment of AI for security-sensitive functions. The company recently rolled out the conversational support assistant to speed up account recovery for locked-out users. Speed came at the cost of verification rigor.
Why AI Support Systems Are Vulnerable
The exploit worked because the AI prioritized being helpful over being secure. By spoofing the victim's IP address, attackers made the chatbot believe it was talking to the legitimate account owner. The bot then followed its programming: help the "user" regain access.
“This incident highlights the extreme risks of offloading critical security functions to generative AI without sufficient human oversight or fail-safe protocols.”
— Anonymous Cybersecurity Analyst, Industry Roundtable
Account recovery fraud attempts involving automated systems jumped 98% in Q2 2026, according to industry data. As companies replace human support agents with AI chatbots, attackers are finding that LLMs can be social-engineered just like people. Sometimes more easily.
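A server-side gate for the "add a new email" request described above, as an added illustration (not Meta's code; the Account model, function names and addresses are hypothetical). A contact-point change is authorized only by a code delivered to a contact already on file, so a code sent to the newly supplied address, as in the reported flow, authorizes nothing, whatever the chat text or IP location suggests.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical model and constructed sample data; not any real platform's API.
@dataclass
class Account:
    username: str
    verified_contacts: set                       # contact points already on file
    pending: dict = field(default_factory=dict)  # challenge_id -> (channel, code)


def start_challenge(account, channel):
    """Issue a one-time code, but only to a contact point already on file."""
    if channel not in account.verified_contacts:
        # A code sent to a requester-supplied address proves control of that
        # address, not ownership of the account.
        raise PermissionError("challenge channel is not on file for this account")
    challenge_id, code = secrets.token_hex(8), f"{secrets.randbelow(10**6):06d}"
    account.pending[challenge_id] = (channel, code)
    return challenge_id, code  # the code is delivered out of band to `channel`


def add_recovery_email(account, new_email, challenge_id, submitted_code):
    """Tool endpoint the assistant calls; the model's output cannot skip this check."""
    _channel, expected = account.pending.pop(challenge_id, (None, None))  # single use
    if expected is None or not hmac.compare_digest(expected, submitted_code):
        return "denied"
    account.verified_contacts.add(new_email)
    return "added"


def demo():
    acct = Account("og_handle", {"owner@example.com"})
    results = []
    # Flow reported in the article: the code goes to the address being added.
    try:
        start_challenge(acct, "attacker@example.net")
    except PermissionError:
        results.append("refused")
    # Submitting a code without a valid challenge fails as well.
    results.append(add_recovery_email(acct, "attacker@example.net", "nope", "000000"))
    # Legitimate owner: the code goes to the address on file.
    cid, code = start_challenge(acct, "owner@example.com")
    results.append(add_recovery_email(acct, "new@example.com", cid, code))
    return results, sorted(acct.verified_contacts)
```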
Community Reaction
Users on Reddit expressed frustration that they couldn't reach a human even after receiving alerts about unauthorized login attempts. On Hacker News, discussions focused on what some called "hallucination of authority" by LLMs, where the model's drive to be helpful overrides strict verification protocols.
Instagram has over 3 billion monthly active users. The scale makes human support for every account recovery request impractical. But this weekend's events show that fully automated security decisions carry real risks.
What Users Should Do
- Enable two-factor authentication using an authenticator app, not SMS
- Check Settings > Security > Login Activity for unfamiliar sessions
- Verify your recovery email and phone number are current
- Review third-party apps with access to your account
- Use a unique, strong password not shared with other services
These steps won't stop every attack, especially one that bypasses email verification entirely. But they raise the barrier and give you more chances to catch unauthorized access before losing control.
Frequently Asked Questions
How did hackers steal Instagram accounts using Meta's AI chatbot?
Attackers used a VPN to spoof the victim's location, then asked Meta's AI support assistant to add a new email address. The bot sent a verification code to the attacker's email, which they used to reset the password and take over the account.
Has Meta fixed the Instagram AI chatbot vulnerability?
Yes. Meta spokesperson Andy Stone confirmed Monday that the issue has been resolved. The company hasn't disclosed how many accounts were compromised.
Which Instagram accounts were hacked in this attack?
Confirmed victims include the Obama-era White House Instagram handle, U.S. Space Force Chief Master Sergeant John Bentivegna's account, and security researcher Jane Wong's account.
Can two-factor authentication prevent this type of Instagram hack?
Traditional 2FA may not fully protect against attacks that bypass email verification. Using an authenticator app instead of SMS provides better protection, but this specific exploit worked by tricking Meta's AI into skipping verification steps entirely.
Why are AI chatbots vulnerable to social engineering attacks?
AI support systems are often designed to prioritize helpfulness. When attackers spoof location data and craft convincing requests, the AI may follow instructions without the skepticism a trained human agent would apply to unusual account recovery requests.
Source: TechCrunch / Lorenzo Franceschi-Bicchierai
Huma Shazia
Senior AI & Tech Writer