The attack involved manipulating Meta’s AI support tool into resetting account credentials without properly verifying identity.

In some cases, attackers were able to take over accounts linked to the Obama-era White House Instagram page, beauty retailer Sephora, and a senior U.S. Space Force official.

The accounts were not breached through Meta’s core systems. Instead, hackers targeted the chatbot’s decision-making process, using what cybersecurity experts describe as prompt injection techniques, combined with VPN tools to mimic the location of the account holder.

Once inside the recovery flow, attackers reportedly asked the AI to link new email addresses to targeted accounts. The chatbot then sent verification codes to those emails. After that step, password resets followed.

A security researcher familiar with the incident described how quickly access could be lost and regained. Jane Manchun Wong, a former Meta employee whose account was affected, said in a post on X: “Quite concerning,”.

She also reported repeated password reset attempts and a brief lockout before regaining access.

Posts on social media showed users discussing similar takeovers. Some said they were locked out without warning, while others complained about the lack of human support during recovery.

Meta confirmed the issue had been addressed. Andy Stone, a spokesperson for the company, said: “This issue has been resolved and we are securing impacted accounts,”. In a separate response, he said claims that world leaders’ accounts were compromised were “totally false”.

One of the affected accounts linked to the Obama-era White House page briefly posted content before being recovered, according to reports by 404 Media. The page has been inactive since 2017.

Meta introduced the Instagram AI support chatbot in March 2026. It was designed to handle account recovery and reduce reliance on human support, an area where users have long complained about delays and limited access.

However, the incident has drawn attention to the risks of giving automated systems control over sensitive actions. Security specialists say the problem lies in how these tools are authorised.

Brian Westnedge, vice president for alliances and partnerships at cybersecurity firm Red Sift, said: “This is a foundational architecture failure. The model was given privileged actions without privileged access controls.”

He added that the situation reveals the pressure on Meta, which has cut staff while investing heavily in artificial intelligence systems.

Cybersecurity experts have also warned that the issue is not limited to one company. Prompt injection attacks have appeared in other systems since the rise of AI chatbots after 2022.

Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, said: “The concern isn’t necessarily AI itself, but whether adequate safeguards exist around what the AI is authorised to do.”

Engin Kirda, a professor at Northeastern University, said attackers are now targeting systems rather than individuals. He noted: “In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams.”

Meta shares fell by more than 5% after reports of the breach, as investors are concerned about the company’s AI spending plans, which are expected to reach up to $145 billion.

The company says it has secured affected accounts and patched the vulnerability. It has not provided further technical details on how the exploit was carried out.

The company said the features are designed to flag potentially fraudulent activity earlier, as scammers usually try to evade detection by initially behaving like normal users before launching attacks.

Facebook to warn users about suspicious friend requests

Meta said it is testing alerts on Facebook that warn users about suspicious friend requests.

Under the new system, users sending or receiving a request from an account showing unusual behaviour, such as having very few mutual friends or listing a location in a different country, will see a notification encouraging them to review the request carefully before accepting it.

The alert is meant to help users decide whether to proceed with the request, reject it, or block the account.

WhatsApp introduces device-linking scam warnings

On WhatsApp, Meta is rolling out new alerts to stop scammers from tricking users into linking their accounts to a fraudster’s device.

According to the company, scammers sometimes impersonate talent competitions or other promotions and ask users to vote on a website by entering their phone number. Victims are then prompted to provide a device-linking code sent to their WhatsApp account.

In other cases, users may be persuaded to scan a QR code that secretly links their WhatsApp account to a scammer’s device.

“To stay ahead of these tactics, WhatsApp will now alert you when behavioural signals suggest a linking request might be suspicious,” Meta said in a blog post.

The warning will show where the request originated and notify users that it could be a scam before the account is linked.

Messenger expands AI-powered scam detection

Meta is also expanding its advanced scam detection system on Messenger to more countries this month, although the company did not specify which markets will be included.

The tool uses artificial intelligence to analyse patterns commonly associated with scams, including suspicious job offers and other fraudulent messages sent by unknown contacts.

If the system detects a potential scam, Messenger will warn the user and ask whether they want to share recent chat messages for an AI review. When a scam is confirmed, the platform will recommend blocking or reporting the account and provide information about common online fraud tactics.

Meta steps up enforcement against scam networks

Meta said it removed more than 159 million scam ads in 2025, with 92% taken down before being reported by users.

The company also shut down 10.9 million Facebook and Instagram accounts linked to criminal scam centres during the year.

In a recent global enforcement operation involving several law-enforcement agencies, Meta investigators disabled more than 150,000 accounts connected to scam networks, while the Royal Thai Police carried out 21 arrests linked to the activity.

The company also worked with the Nigeria Police Force and the UK National Crime Agency to dismantle a scam centre in Agbor, Delta State, leading to the arrest of seven suspects accused of targeting victims in the United Kingdom and the United States.

AI tools targeting impersonation scams

Meta said it is relying on artificial intelligence to detect sophisticated scams, particularly those involving impersonation of celebrities, public figures or brands.

The AI systems analyse signals across text, images and account behaviour to identify deceptive tactics such as fake fan pages, misleading bios and fraudulent links that mimic legitimate websites.

The technology also helps the company detect domain impersonation, where scammers redirect victims to websites designed to look like trusted platforms.

Advertiser verification to curb scam ads

As part of its anti-scam strategy, Meta said it is expanding advertiser verification requirements across its platforms.

The company aims for verified advertisers to account for 90% of its ad revenue by the end of 2026, up from about 70% today.

Meta said this will focus primarily on high-risk advertising categories, while lower-risk businesses such as small local retailers will account for the remaining share.

Global awareness campaigns

Meta added that technology alone cannot stop online fraud, stressing the importance of public awareness campaigns.

The company said it has partnered with organisations including the UN Office on Drugs and Crime (UNODC) and the International Justice Mission to run global campaigns aimed at helping people recognise and avoid online scams.

“Scammers are constantly evolving their tactics, and so are we,” the company said. “We will continue investing in technology, partnerships and education to help keep people safe across our platforms.”