Share

Hackers Hijack Instagram Accounts Using Meta's AI Support Chatbot

By Any June 3, 2026
Hackers exploited a vulnerability in Meta's AI-powered support chatbot to take control of high-profile Instagram accounts. The attackers tricked the chatbot into changing the email addresses associated with the accounts, allowing them to reset passwords and gain access. Meta has since stated that the flaw has been patched.
Hackers Hijack Instagram Accounts Using Meta's AI Support Chatbot

Hackers Hijack Instagram Accounts Using Meta’s AI Support Chatbot Hackers’ abuse of Meta’s new AI support chatbot has exposed a stark risk of automating high‑privilege security tasks inside major social platforms.

Rollout of Meta’s AI Support Bot

In March 2026, Meta launched an AI-powered support assistant for Instagram, designed to “resolve account issues from start to finish,” including password resets and email changes normally handled by human agents.

Weekend of Account Takeovers

Over the weekend preceding June 1, hackers began circulating a simple takeover method in Telegram channels: ask Meta’s AI support chatbot to change the email address on someone else’s Instagram account, then reset the password.

A Verge report describes how a hacker could “take over a target’s Instagram account just by asking Meta’s AI chatbot to link a new email address.” The bot then sent a verification code to the attacker’s email, which, once returned, unlocked a “Reset Password” button and full account control. Tech coverage notes the exploit “required no access to the victim’s email, no phishing link, and no malware.”

High-profile and valuable accounts were hit, including the dormant Obama White House handle, which began posting unauthorized images and propaganda, the account of US Space Force Chief Master Sergeant John Bentivegna, and premium “OG” usernames later resold on underground markets. Security researcher Jane Manchun Wong reported her own account was taken over, calling it “quite concerning.”

Public Outcry and Meta’s Response

The incident quickly drew online criticism. One widely shared post called it a “disaster from Meta AI,” asking why a chatbot was allowed to perform “critical actions like changing the email address of an accou….”

On June 1, a Meta spokesperson said “the issue that did happen has already been fixed,” and outlets reported the company had patched the exploit. However, follow-up reporting indicated that some attacks continued after Meta’s initial assurance, raising questions about the robustness and timing of the fix and the broader wisdom of giving AI systems direct, unverified control over user accounts.

Continue reading https://foxvector.com/stories/019e8fc4-000c-234a-7331-03d29eb4c03a

Write a comment
No comments yet.