Meta AI Chatbot Hijacked to Steal High-Profile Instagram Accounts

Key Takeaways

• Hackers bypassed standard security verification by tricking Meta's AI chatbot into linking attacker-controlled emails to victim accounts
• High-profile accounts including Obama's White House page and Sephora were compromised before Meta's June 1 patch
• The exploit spread via Telegram tutorials showing step-by-step instructions for the prompt injection attack

Meta's AI-powered support assistant became an unwitting accomplice to hackers in late May 2026. Attackers discovered they could manipulate the chatbot into handing over account access without needing a victim's email address, phone number, or any traditional phishing techniques.

The vulnerability allowed takeovers of both ordinary users and high-profile accounts. Among the casualties: the archived Obama White House Instagram account, the personal account of Chief Master Sergeant John Bentivegna, and global beauty retailer Sephora.

Meta confirmed the issue has been patched. Spokesperson Andy Stone wrote in a public reply to security researcher Jane Wong: "We have fixed an issue that allowed an external party to request password reset emails, and are working to restore access to impacted accounts."

How the Attack Worked

Meta rolled out its AI support assistant on Instagram and Facebook earlier this year. The chatbot handles common tasks: updating profile settings, managing privacy controls, reporting impersonation accounts, and resetting passwords. That last feature became the weak link.

Videos circulating on Telegram showed the exploit in detail. An attacker would simply ask Meta's AI assistant to add a new email address to a target's Instagram account. The AI would then send a verification code to the attacker's email, not the original account owner's address. Once the attacker shared the verification code with the chatbot, it would provide a password reset link.

The technique relied on prompt injection, a method where carefully crafted inputs trick AI systems into ignoring their security guardrails. By matching IP locations and using specific phrasing, attackers could bypass verification steps that would normally flag suspicious activity.

Who Got Hit

The attack wasn't limited to celebrity accounts. One Reddit user described losing an account they'd held since 2010 or 2011. "I've tried to get my account back (it still exists, I can use another account to check on it), but I'm not famous or verified, so I'm SOL," they wrote.

Security researcher Jane Wong posted on X about her own experience: "Even my Instagram account got hacked. The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app."

The timing suggests the exploit spread rapidly through underground channels. High-profile Instagram handles, sometimes called "OG" accounts, carry significant black market value. Estimates put the worth of targeted handles at over $500,000 collectively.

Meta's Response

Meta moved quickly once the exploit gained public attention. Stone's statement to Wong pushed back on some reports, noting: "This claim about world leaders is totally false. The issue that did happen has already been fixed."

The company implemented a patch on June 1, 2026, and says it's working to restore access for affected users. But the incident raises questions about offloading critical security functions to AI systems that can be manipulated through clever prompts.

“We have fixed an issue that allowed an external party to request password reset emails, and are working to restore access to impacted accounts.”

— Andy Stone, Meta Spokesperson

The Broader Security Question

Community reaction on Reddit's r/technology and HackerNews was pointed. Many called the vulnerability a "predictable failure" of security design. The core criticism: AI chatbots lack the strict, rule-based verification that sensitive account operations require.

Traditional account recovery relies on multiple verification factors. You need access to a registered email or phone number. The AI assistant, designed for convenience, created a shortcut that attackers could exploit.

This isn't the first time prompt injection has compromised AI systems, and it won't be the last. As companies rush to deploy AI agents with real-world capabilities, the attack surface expands. An AI that can reset passwords is an AI that can be tricked into resetting passwords for the wrong person.

What Users Can Do

For now, Meta says the vulnerability is closed. But users should take standard precautions:

• Enable two-factor authentication using an authenticator app, not SMS
• Check your account's linked email addresses and phone numbers for unfamiliar entries
• Review recent login activity for suspicious locations or devices
• Be skeptical of any unsolicited account verification requests

If your account was compromised during this attack, Meta's account recovery page is the official channel. The company says it's actively restoring access to affected users, though timelines vary.

Frequently Asked Questions

How did hackers use Meta AI to steal Instagram accounts?

Attackers used prompt injection to trick Meta's AI support assistant into linking their own email addresses to victim accounts. The AI would then send verification codes and password reset links to the attackers instead of the legitimate account owners.

Which accounts were affected by the Meta AI Instagram hack?

The exploit affected both ordinary users and high-profile accounts, including the archived Obama White House Instagram account, Chief Master Sergeant John Bentivegna's personal account, and global beauty retailer Sephora.

Has Meta fixed the Instagram AI chatbot vulnerability?

Yes. Meta spokesperson Andy Stone confirmed the issue was patched on June 1, 2026, and the company is working to restore access to compromised accounts.

How can I protect my Instagram account from similar attacks?

Enable two-factor authentication using an authenticator app, regularly check your account's linked emails and phone numbers, review login activity for suspicious access, and be cautious of unsolicited verification requests.

What is prompt injection in AI security?

Prompt injection is an attack technique where carefully crafted inputs trick AI systems into bypassing their security guardrails. Attackers use specific phrasing to make the AI perform actions it shouldn't, like adding unauthorized email addresses to accounts.

Source: mint / Aman Gupta