Key Takeaways

- Hackers exploited Meta's AI support chatbot to take over Instagram accounts by requesting email changes through the bot
- The vulnerability bypassed two-factor authentication and required only VPN location spoofing to work
- High-profile accounts including the Obama White House, Sephora, and a Space Force official were compromised
AI Support Tool Became a Hacker's Best Friend
When Meta launched its AI support assistant in December 2025, the company promised it would make account recovery "faster and simpler." The company delivered on that promise. Just not in the way anyone wanted.
Security researchers flagged over the weekend that hackers had been using Meta's AI chatbot to steal Instagram accounts. The method was alarmingly simple: ask the bot to change the email address linked to a target account, then request a password reset. That's it. Even accounts protected by two-factor authentication fell to this approach.
Screenshots and videos showing the takeovers in action circulated on Telegram, where users had apparently been discussing the vulnerability since March. That's three months of exposure before Meta addressed the issue.
How the Exploit Worked
The AI chatbot relied on users' physical locations to verify identity. Meta had built this as a security feature. In its December announcement, Meta wrote: "Our systems recognize the device you usually use and familiar locations better than ever."
Hackers turned this feature into a weakness. By using a VPN to spoof their location to match the target account holder's location, attackers could convince the AI they were the legitimate owner. The bot would then process email change requests without additional verification.
The exploit worked because the AI chatbot had authority to make account changes but lacked the judgment to question suspicious requests. A human support agent might hesitate when someone asks to change an account's primary email. The AI just did what it was asked.
High-Profile Victims
The timing of Meta's patch coincides with a wave of high-profile account compromises. The Obama White House Instagram account, dormant since 2017, suddenly posted an AI-generated image with text translating to "the White House is under Shiites' control," according to TMZ. Meta confirmed the hack but provided no details on how it happened or who was responsible.
Other potential victims include beauty retailer Sephora and a high-ranking Space Force official, according to 404 Media. The common thread: valuable accounts that would be prime targets for hackers seeking either financial gain or political impact.
Meta's Response
Meta VP of Communications Andy Stone posted on X that the company had resolved the issue. "This issue has been resolved and we are securing impacted accounts," Stone wrote. The company hasn't disclosed how many accounts were affected or why the AI support tool had such a fundamental security gap.
“We are aware of the issue and have patched the vulnerability; we are currently in the process of identifying and restoring the affected accounts.”
— Andy Stone, VP of Communications at Meta
The silence on root cause is notable. Meta cut roughly 8,000 employees from its integrity and cybersecurity divisions in early 2026, leaving support operations heavily reliant on AI automation. Whether that staffing decision contributed to this vulnerability remains an open question Meta hasn't answered.
The Automation Risk
This incident highlights a core tension in AI-powered customer support. Companies want to reduce costs and speed up response times. AI chatbots deliver both. But when those bots have real authority over account settings, they become attack vectors.
The community reaction on HackerNews and Reddit has been pointed. Users noted the dangerous irony: Meta prioritized AI automation over basic account security protocols. When the AI bot is the only point of contact for support, there's no human to escalate to during a crisis. No one to say, "Wait, this seems suspicious."
For companies considering similar automation, this is a case study in what happens when you give AI authority without adequate safeguards. The question isn't whether AI can handle support tasks. It's whether your AI can recognize when it's being manipulated.
Initial coverage of how the exploit was discovered and spread
Deep dive into the highest-profile victim of the exploit
Logicity's Take
Frequently Asked Questions
How did hackers bypass Instagram's two-factor authentication?
The AI support chatbot had authority to change account email addresses. Once attackers changed the email, they could request a password reset, bypassing 2FA entirely since the reset went to their controlled email.
Is the Meta AI support exploit still active?
Meta says the vulnerability has been patched and the company is working to secure affected accounts. However, the company hasn't disclosed the full scope of compromised accounts.
How can I check if my Instagram account was affected?
Review your Instagram security settings for any unauthorized email or phone number changes. Check your login activity for unfamiliar devices or locations. If you notice anything suspicious, change your password immediately.
How long was this vulnerability exploitable?
According to 404 Media, users on Telegram had been discussing the vulnerability since March 2026. Meta didn't patch it until June, meaning the exploit was potentially usable for about three months.
What accounts were compromised in the Meta AI hack?
Confirmed victims include the Obama White House Instagram account. Potential victims include beauty retailer Sephora and a high-ranking Space Force official, according to 404 Media.
Need Help Implementing This?
Source: Engadget
Huma Shazia
Senior AI & Tech Writer
Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.
Related Articles
More in Trending Tech
AI Revolution: How Tech is Transforming the World, One Industry at a Time
From desalination plants in Iran to AI-powered manufacturing, the tech world is abuzz with innovation. Discover how AI is changing the game for small entrepreneurs and what it means for the future of industry. Explore the latest developments in cybersecurity, robotics, and more.

Revolutionizing AI: The Game-Changing Tech That's Making Agents Smarter
A new technology is set to revolutionize the way AI agents learn and adapt, enabling them to accumulate wisdom and apply it to new situations. This innovation has the potential to significantly boost the reliability of AI agents, especially in complex tasks. By converting raw agent trajectories into reusable guidelines, this tech is poised to transform the AI landscape.

The Dark Side of AI: How Bots Are Fueling a Monetized Abuse Ecosystem
A recent analysis of 2.8 million Telegram messages reveals a shocking truth: AI-powered bots are being used to create and sell non-consensual intimate images. These bots can turn ordinary photos into synthetic nude images, and the abuse is being monetized through affiliate programs and subscription-based archives. The researchers behind the study are calling for stricter regulations to combat this growing problem.

AI's Secret Sauce: How Journalism Became the Unlikely Ingredient
A recent study reveals that AI chatbots rely heavily on journalistic sources for their quotes, with one in four coming from news outlets. This shocking discovery has significant implications for the media industry and our understanding of AI's information gathering processes. As AI technology continues to evolve, it's essential to consider the role of journalism in shaping its responses.



