Hackers trick AI to take over high-profile Instagram accounts, Meta confirms

Meta has confirmed that hackers exploited a flaw in its AI-powered support assistant to gain control of Instagram accounts, including several high-profile profiles, prompting concerns about the security of automated account recovery systems.

The issue surfaced after security researchers shared screenshots and videos showing how attackers could manipulate Instagram's AI support chatbot to bypass account recovery safeguards.

The exploit reportedly led to a wave of account takeovers over the weekend.

Among the accounts reportedly affected were the Obama-era White House archive account, which briefly displayed pro-Iran content before being recovered, beauty retailer Sephora, US Space Force Chief Master Sergeant John Bentivegna, and cybersecurity researcher Jane Manchun Wong, a former Meta systems engineer.

Wong said her password was changed without her knowledge and that she received multiple password reset attempts before being repeatedly logged out of Instagram. Similar complaints were reported by users on Reddit and X.

According to demonstrations shared by researchers and hacking groups, attackers were able to use Meta's AI-powered support system to reset passwords without access to a victim's email account. The chatbot accepted requests to link a new email address to a targeted Instagram account, sent a verification code to that address, and then provided a password reset option after the code was entered.

Researchers believe the flaw stemmed from weaknesses in Meta's automated customer support infrastructure, which handles account recovery and maintenance requests. Attackers reportedly used VPNs or residential proxy services to make their activity appear as though it originated from the same region as the account owner.

Meta spokesperson Andy Stone said the vulnerability has been fixed and that the company is working to secure affected accounts.

Cybersecurity experts said the incident highlights the risks of granting AI systems access to sensitive account-management functions without strong identity verification measures.