Hackers have exploited a flaw in the Instagram AI support chatbot to gain access to user accounts, including high-profile accounts.
The attack involved manipulating Meta’s AI support tool into resetting account credentials without properly verifying identity.
In some cases, attackers were able to take over accounts linked to the Obama-era White House Instagram page, beauty retailer Sephora, and a senior U.S. Space Force official.
The accounts were not breached through Meta’s core systems. Instead, hackers targeted the chatbot’s decision-making process, using what cybersecurity experts describe as prompt injection techniques, combined with VPN tools to mimic the location of the account holder.
Once inside the recovery flow, attackers reportedly asked the AI to link new email addresses to targeted accounts. The chatbot then sent verification codes to those emails. After that step, password resets followed.
A security researcher familiar with the incident described how quickly access could be lost and regained. Jane Manchun Wong, a former Meta employee whose account was affected, said in a post on X: “Quite concerning.”
She also reported repeated password reset attempts and a brief lockout before regaining access.
Posts on social media showed users discussing similar takeovers. Some said they were locked out without warning, while others complained about the lack of human support during recovery.
Meta confirmed the issue had been addressed. Andy Stone, a spokesperson for the company, said: “This issue has been resolved and we are securing impacted accounts.” In a separate response, he said claims that world leaders’ accounts were compromised were “totally false”.
One of the affected accounts linked to the Obama-era White House page briefly posted content before being recovered, according to reports by 404 Media. The page has been inactive since 2017.
Meta introduced the Instagram AI support chatbot in March 2026. It was designed to handle account recovery and reduce reliance on human support, an area where users have long complained about delays and limited access.
However, the incident has drawn attention to the risks of giving automated systems control over sensitive actions. Security specialists say the problem lies in how these tools are authorised.
Brian Westnedge, vice president for alliances and partnerships at cybersecurity firm Red Sift, said: “This is a foundational architecture failure. The model was given privileged actions without privileged access controls.”
He added that the situation reveals the pressure on Meta, which has cut staff while investing heavily in artificial intelligence systems.
Cybersecurity experts have also warned that the issue is not limited to one company. Prompt injection attacks have appeared in other systems since the rise of AI chatbots after 2022.
Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, said: “The concern isn’t necessarily AI itself, but whether adequate safeguards exist around what the AI is authorised to do.”
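One way to put safeguards around what a support assistant is authorised to do, given as an added example that is not Meta's code and not part of the original report: a server-side gate decides every tool call the model proposes, using only state the backend established itself. The action names, the `existing_contact_code` factor label and the sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Actions that change who controls an account; names are hypothetical.
PRIVILEGED = {"link_email", "reset_password"}

@dataclass
class Account:
    account_id: str
    contacts_on_file: set            # addresses the owner registered earlier

@dataclass
class Session:
    account_id: str
    # Set only by backend code after a code sent to an on-file contact is
    # confirmed; never derived from anything the model or the requester typed.
    verified_factors: set = field(default_factory=set)

def authorize(action: str, args: dict, session: Session, account: Account):
    """Decide a model-proposed tool call from server-side state only."""
    if session.account_id != account.account_id:
        return False, "session not bound to this account"
    if action == "send_verification_code":
        # A code sent to a requester-supplied address proves nothing about
        # ownership, so only contacts already on file are valid destinations.
        if args.get("destination") not in account.contacts_on_file:
            return False, "destination is not a contact on file"
        return True, "ok"
    if action in PRIVILEGED:
        if "existing_contact_code" not in session.verified_factors:
            return False, "no proof of control of an existing contact"
        return True, "ok"
    return False, "action not on allow-list"

def replay(calls, session, account):
    """Run proposed calls through the gate; return the allow/deny decisions."""
    return [authorize(c["action"], c["args"], session, account)[0] for c in calls]

# Constructed sample data: the recovery sequence the article reports, as tool calls.
ACCOUNT = Account("acct-1", {"owner@example.com"})
FLOW = [
    {"action": "link_email", "args": {"email": "new@example.net"}},
    {"action": "send_verification_code", "args": {"destination": "new@example.net"}},
    {"action": "reset_password", "args": {}},
]

if __name__ == "__main__":
    print(replay(FLOW, Session("acct-1"), ACCOUNT))   # unverified session
```

Because the decision never reads the conversation text, a persuasive prompt cannot change the outcome; only a completed verification against an existing contact can.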
Engin Kirda, a professor at Northeastern University, said attackers are now targeting systems rather than individuals. He noted: “In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams.”
Meta shares fell by more than 5% after reports of the breach, amid investor concern about the company’s AI spending plans, which are expected to reach up to $145 billion.
The company says it has secured affected accounts and patched the vulnerability. It has not provided further technical details on how the exploit was carried out.






