Meta AI Chatbot Hijacked to Steal High-Profile Instagram Accounts
Key Takeaways
- Hackers bypassed standard security verification by tricking Meta's AI chatbot into linking attacker-controlled emails to victim accounts
- High-profile accounts including Obama's White House page and Sephora were compromised before Meta's June 1 patch
- The exploit spread via Telegram tutorials showing step-by-step instructions for the prompt injection attack
Meta's AI-powered support assistant became an unwitting accomplice to hackers in late May 2026. Attackers discovered they could manipulate the chatbot into handing over account access without needing a victim's email address, phone number, or any traditional phishing techniques.
The vulnerability allowed takeovers of both ordinary users and high-profile accounts. Among the casualties: the archived Obama White House Instagram account, the personal account of Chief Master Sergeant John Bentivegna, and global beauty retailer Sephora.
Meta confirmed the issue has been patched. Spokesperson Andy Stone wrote in a public reply to security researcher Jane Wong: "We have fixed an issue that allowed an external party to request password reset emails, and are working to restore access to impacted accounts."
How the Attack Worked
Meta rolled out its AI support assistant on Instagram and Facebook earlier this year. The chatbot handles common tasks: updating profile settings, managing privacy controls, reporting impersonation accounts, and resetting passwords. That last feature became the weak link.
Videos circulating on Telegram showed the exploit in detail. An attacker would simply ask Meta's AI assistant to add a new email address to a target's Instagram account. The AI would then send a verification code to the attacker's email, not the original account owner's address. Once the attacker shared the verification code with the chatbot, it would provide a password reset link.
The technique relied on prompt injection, a method where carefully crafted inputs trick AI systems into ignoring their security guardrails. By matching IP locations and using specific phrasing, attackers could bypass verification steps that would normally flag suspicious activity.
Who Got Hit
The attack wasn't limited to celebrity accounts. One Reddit user described losing an account they'd held since 2010 or 2011. "I've tried to get my account back (it still exists, I can use another account to check on it), but I'm not famous or verified, so I'm SOL," they wrote.
Security researcher Jane Wong posted on X about her own experience: "Even my Instagram account got hacked. The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app."
The timing suggests the exploit spread rapidly through underground channels. High-profile Instagram handles, sometimes called "OG" accounts, carry significant black market value. Estimates put the worth of targeted handles at over $500,000 collectively.
Meta's Response
Meta moved quickly once the exploit gained public attention. Stone's statement to Wong pushed back on some reports, noting: "This claim about world leaders is totally false. The issue that did happen has already been fixed."
The company implemented a patch on June 1, 2026, and says it's working to restore access for affected users. But the incident raises questions about offloading critical security functions to AI systems that can be manipulated through clever prompts.
“We have fixed an issue that allowed an external party to request password reset emails, and are working to restore access to impacted accounts.”
— Andy Stone, Meta Spokesperson
The Broader Security Question
Community reaction on Reddit's r/technology and HackerNews was pointed. Many called the vulnerability a "predictable failure" of security design. The core criticism: AI chatbots lack the strict, rule-based verification that sensitive account operations require.
Traditional account recovery relies on multiple verification factors. You need access to a registered email or phone number. The AI assistant, designed for convenience, created a shortcut that attackers could exploit.
This isn't the first time prompt injection has compromised AI systems, and it won't be the last. As companies rush to deploy AI agents with real-world capabilities, the attack surface expands. An AI that can reset passwords is an AI that can be tricked into resetting passwords for the wrong person.
Another recent example of attackers exploiting system vulnerabilities at scale
What Users Can Do
For now, Meta says the vulnerability is closed. But users should take standard precautions:
- Enable two-factor authentication using an authenticator app, not SMS
- Check your account's linked email addresses and phone numbers for unfamiliar entries
- Review recent login activity for suspicious locations or devices
- Be skeptical of any unsolicited account verification requests
If your account was compromised during this attack, Meta's account recovery page is the official channel. The company says it's actively restoring access to affected users, though timelines vary.
Related discussion of AI system limitations and guardrails
Logicity's Take
Frequently Asked Questions
How did hackers use Meta AI to steal Instagram accounts?
Attackers used prompt injection to trick Meta's AI support assistant into linking their own email addresses to victim accounts. The AI would then send verification codes and password reset links to the attackers instead of the legitimate account owners.
Which accounts were affected by the Meta AI Instagram hack?
The exploit affected both ordinary users and high-profile accounts, including the archived Obama White House Instagram account, Chief Master Sergeant John Bentivegna's personal account, and global beauty retailer Sephora.
Has Meta fixed the Instagram AI chatbot vulnerability?
Yes. Meta spokesperson Andy Stone confirmed the issue was patched on June 1, 2026, and the company is working to restore access to compromised accounts.
How can I protect my Instagram account from similar attacks?
Enable two-factor authentication using an authenticator app, regularly check your account's linked emails and phone numbers, review login activity for suspicious access, and be cautious of unsolicited verification requests.
What is prompt injection in AI security?
Prompt injection is an attack technique where carefully crafted inputs trick AI systems into bypassing their security guardrails. Attackers use specific phrasing to make the AI perform actions it shouldn't, like adding unauthorized email addresses to accounts.
Need Help Implementing This?
Source: mint / Aman Gupta
Manaal Khan
Tech & Innovation Writer
Related Articles
Browse all
Robotaxi Companies Are Hiding How Often Humans Take the Wheel
Autonomous vehicle firms like Waymo and Tesla are under scrutiny for refusing to disclose how often remote operators step in to control their self-driving cars. A Senate investigation reveals major gaps in transparency, raising safety and accountability concerns.
Wisconsin Governor Throws a Wrench in Age Verification Plans
Wisconsin Governor Tony Evers has vetoed a bill that would have required residents to verify their age before accessing adult content online, citing concerns over privacy and data security. This move comes as several other states have already implemented similar age check requirements. The veto has significant implications for the future of online age verification.
Apple's App Store Empire Under Siege: The Battle for the Future of Tech
The long-running feud between Apple and Epic Games has reached a boiling point, with Apple preparing to take its case to the Supreme Court. The tech giant is fighting to maintain control over its App Store, while Epic Games is pushing for more freedom for developers. The outcome could have far-reaching implications for the entire tech industry.
Tesla's Remote Parking Feature: The Investigation That Didn't Quite Park Itself
The US auto safety regulators have closed their investigation into Tesla's remote parking feature, but what does this mean for the future of autonomous driving? We dive into the details of the investigation and what it reveals about the technology. The National Highway Traffic Safety Administration found that crashes were rare and minor, but the investigation's closure doesn't necessarily mean the feature is completely safe.
Also Read
Why Impact Investing Collapsed While VC Hit Record Highs
Global venture capital surged 150% in Q1 2026, yet impact startup funding plummeted 63% to its lowest since 2017. The culprit isn't investor cynicism. It's a capability gap that conflated all impact investing with failed climate tech bets.
Samsung Galaxy Z Fold8 Wide Foldable Spotted in Real-World Photos
Leaked images from a South Korean forum show Samsung's rumored wide-screen Galaxy Z Fold8 in a protective case. The device appears to feature a noticeably wider form factor and dual-camera setup, with an official unveiling expected at Galaxy Unpacked in July.
TechCrunch Startup Battlefield: How to Make the Top 20
TechCrunch has extended its Startup Battlefield application deadline to June 8. The competition offers a $100,000 equity-free prize and six minutes on the Disrupt Main Stage. Here's what gets founders selected and what every applicant receives.