Hackers Tricked Meta AI Into Handing Over Instagram Accounts

Manaal Khan | 3 June 2026 at 12:27 am | 5 min read
Key Takeaways

Source: Fast Company
  • Hackers exploited Meta's AI customer service to hijack 300+ Instagram accounts by tricking the chatbot into linking new email addresses
  • High-profile victims included the Obama White House, Sephora, and the U.S. Space Force
  • Meta patched the vulnerability within days, but the incident raises questions about AI-driven account security without human oversight

The Instagram account of the Obama White House sat dormant for nine years. Then, over the weekend, hackers took it over, filling the page with pro-Iranian imagery. The attackers didn't need sophisticated tools or inside access. They just asked Meta's AI chatbot nicely.

Instructions spread online showing how to trick Meta AI into transferring control of Instagram accounts. The method was simple: convince the chatbot to link a third-party email address to an existing account. Once linked, attackers could reset passwords and lock out the original owners.

300+ high-profile Instagram accounts were compromised in the attack wave, including verified accounts with enhanced security measures.

Meta spokesperson Andy Stone confirmed the breach in a statement posted to X: "This issue has been resolved and we are securing impacted accounts."

How the Attack Worked

The exploit was surprisingly straightforward. Attackers used VPN connections with IP addresses near the target's usual location. This made the requests appear legitimate to Meta's systems.

From there, they asked the AI chatbot to link the account to a new email address. Meta AI complied, sending a one-time verification code to the attacker's email. Once verified, the attackers could reset the password and take full control.

The vulnerability emerged roughly three months after Meta delegated certain customer service functions to AI. These included handling forgotten password requests, a common but sensitive operation.
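
The sequence described above (an address linked through the support assistant, then a password reset sent to that same address) can be hunted for in account event logs. The following is an added detection sketch, not code from Meta or the original article; the event fields, channel names and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; field and channel names are assumptions.
EVENTS = [
    {"ts": "2026-06-01T10:00:00", "account": "brand_a", "event": "email_linked",
     "channel": "ai_support", "email": "new@example.net"},
    {"ts": "2026-06-01T10:04:00", "account": "brand_a", "event": "password_reset",
     "channel": "self_service", "email": "new@example.net"},
    # Address added from an authenticated settings page: not the pattern.
    {"ts": "2026-06-01T11:00:00", "account": "brand_b", "event": "email_linked",
     "channel": "settings_authenticated", "email": "ops@example.org"},
    {"ts": "2026-06-01T11:02:00", "account": "brand_b", "event": "password_reset",
     "channel": "self_service", "email": "ops@example.org"},
    # Assistant-linked address, but the reset comes days later: outside window.
    {"ts": "2026-06-01T12:00:00", "account": "brand_c", "event": "email_linked",
     "channel": "ai_support", "email": "x@example.com"},
    {"ts": "2026-06-04T12:00:00", "account": "brand_c", "event": "password_reset",
     "channel": "self_service", "email": "x@example.com"},
]

def find_link_then_reset(events, window=timedelta(hours=24)):
    """Flag accounts where an address linked via the support assistant
    receives a password reset within `window` of being linked."""
    linked = {}   # (account, email) -> time the assistant linked it
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        key = (e["account"], e["email"])
        if e["event"] == "email_linked" and e["channel"] == "ai_support":
            linked[key] = ts
        elif e["event"] == "password_reset" and key in linked:
            delta = ts - linked[key]
            if delta <= window:
                alerts.append({"account": e["account"], "email": e["email"],
                               "minutes": int(delta.total_seconds() // 60)})
    return alerts

if __name__ == "__main__":
    for alert in find_link_then_reset(EVENTS):
        print(alert)
```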

Who Got Hit

The Obama White House account grabbed headlines, but the attack reached far beyond political targets. Victims included Sephora, the beauty retailer, and the Office of the Chief Master Sergeant of the U.S. Space Force.

Security researcher Jane Wong was also affected. "The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday," Wong wrote on social media. "And I got repeatedly logged out from the IG iOS app. Quite concerning."

One user who claimed to have multiple accounts compromised put it bluntly: "These aren't some random new accounts. These are verified, locked down accounts and they still got compromised."

The Human-in-the-Loop Problem

The incident exposes a fundamental tension in AI-powered customer service. Automation makes support faster and cheaper. But sensitive operations like account recovery create obvious attack surfaces when no human reviews the request.

The whole thing just highlighted how stupid it is to automate account security without any human in the loop. One AI fooling another AI while there's literally no person anywhere to catch it.

— Affected user

Security researchers call this type of attack "prompt injection." Attackers craft requests that exploit logical gaps in how AI systems interpret instructions. The Meta AI assistant apparently lacked sufficient safeguards to distinguish legitimate account recovery from social engineering.

Discussions on Hacker News and r/netsec focused on what observers called "automated trust." Many argued that sensitive account actions should always require human verification, regardless of how convincing the request appears to an AI.

A Growing Trend

This wasn't an isolated incident. AI-led social engineering attacks targeting enterprise social media accounts have increased an estimated 50% throughout 2026. As companies rush to deploy AI customer service tools, attackers are finding creative ways to exploit them.

Meta patched the vulnerability quickly. But as one affected user noted: "Now, thankfully, it's patched but I don't think it will be the last one."

Logicity's Take

What Organizations Should Do

  • Audit AI customer service workflows for sensitive operations like password resets and account recovery
  • Require human approval for any request that changes account ownership or primary credentials
  • Monitor for unusual login patterns, especially VPN traffic from unexpected locations
  • Enable all available multi-factor authentication options on high-value accounts
  • Maintain direct contact channels with platform support teams for verified business accounts
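
One way to enforce the human-approval recommendation is a policy gate that sits between the assistant and the account system and decides on every tool call the model proposes. This is an added example, not Meta's implementation; the action names, proof labels and `ToolCall` structure are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical tool names for actions that change ownership or credentials.
SENSITIVE = {"link_email", "change_phone", "reset_password", "disable_mfa"}

# Proofs of control over something ALREADY bound to the account.
OWNER_PROOFS = {"existing_email", "existing_phone", "totp", "passkey"}

@dataclass
class ToolCall:
    action: str
    account: str
    args: dict
    # Factors verified by the backend in this session (never taken from
    # the conversation text), e.g. {"totp"} or {"new_email"}.
    proofs: set = field(default_factory=set)

def authorize(call: ToolCall) -> str:
    """Return "allow", "deny" or "human_review" for a proposed tool call."""
    if call.action not in SENSITIVE:
        return "allow"
    # A code sent to an address the requester just supplied proves control
    # of that address only, not of the account, so "new_email" never counts.
    if not (call.proofs & OWNER_PROOFS):
        return "deny"
    # Even with owner proof, the model does not execute the change itself.
    return "human_review"

def dispatch(call: ToolCall, review_queue: list, audit_log: list) -> str:
    """Apply the decision: record it, and queue sensitive calls for a person."""
    decision = authorize(call)
    audit_log.append((call.account, call.action, decision))
    if decision == "human_review":
        review_queue.append(call)
    return decision

if __name__ == "__main__":
    queue, log = [], []
    # Constructed requests, not real data.
    dispatch(ToolCall("link_email", "brand_a", {"email": "new@example.net"},
                      {"new_email"}), queue, log)
    dispatch(ToolCall("link_email", "brand_a", {"email": "new@example.net"},
                      {"totp"}), queue, log)
    print(log, len(queue))
```

Because the decision depends only on backend-verified proofs and the action type, no wording in the chat can change the outcome.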

Frequently Asked Questions

How did hackers take over Instagram accounts using Meta AI?

Attackers asked Meta's AI customer service chatbot to link new email addresses to existing accounts. The AI complied without sufficient verification, allowing hackers to reset passwords and take control.

Which Instagram accounts were affected by the Meta AI hack?

Over 300 accounts were compromised, including the Obama White House, Sephora, the U.S. Space Force, and security researcher Jane Wong.

Has Meta fixed the Instagram account vulnerability?

Yes. Meta spokesperson Andy Stone confirmed the issue has been resolved and affected accounts are being secured.

What is a prompt injection attack?

A prompt injection attack tricks an AI system into performing unintended actions by crafting requests that exploit logical gaps in how the AI interprets instructions.

How can I protect my Instagram account from similar attacks?

Enable all available multi-factor authentication options, use a unique email address for your Instagram account, and monitor for unexpected password reset notifications.

Source: Fast Company / Chris Morris

Manaal Khan

Tech & Innovation Writer