Hackers Exploit Meta AI to Hijack Instagram Accounts
Hackers exploited Meta's AI to hijack Instagram accounts.
Hackers have exploited Meta’s AI support assistant to seize numerous Instagram accounts. This was reported by 404 Media, citing security researchers’ reports.
The hackers employed a direct “prompt injection” method. They instructed the chatbot to change the email address linked to the profile. The only additional requirement for the operation’s success was using a VPN with a geolocation matching the true owner’s data.
Once the bot changed the email in the settings without further identity verification, the attackers initiated the standard password reset procedure and gained full control over the account.
Scope of the Issue
Among the compromised profiles were the White House’s archival account from Barack Obama’s era, the page of U.S. Space Force Chief Master Sergeant John Bentivegna, and the official profile of the Sephora brand. Former Meta employee Jane Wong stated that her personal accounts were also hacked.
Hackers managed to post pro-Iranian content on the White House profile. Other attackers targeted rare “short” usernames for resale on dark forums.
The Meta AI Support Assistant was launched in March. The company marketed it as a solution for end-to-end access recovery automation.
Company representative Andy Stone announced that the vulnerability has been fixed.
This issue has been resolved and we are securing impacted accounts.
— Andy Stone (@andymstone) June 1, 2026
Expert Opinions
Experts interviewed by MIT Technology Review described the incident as a failure of basic security protocols. University of Wisconsin-Madison Professor Somesh Jha noted that AI agents are “too eager to complete tasks” and overlook control questions that a human would necessarily ask.
Experts emphasized that Meta neglected thorough “red testing” before deploying AI in critical areas like security settings management.
In May, Socket reported on a supply chain attack targeting cryptocurrency and AI systems developers.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!