Hackers Manipulate Meta’s AI Chatbot to Seize Control of Instagram Accounts
A critical security flaw in Meta’s AI-powered support chatbot enabled hackers to take control of several high-profile Instagram accounts during the weekend of June 1, 2026. Among the compromised accounts were the Obama-era White House account and the U.S. Space Force Chief Master Sergeant’s profile. Meta has since rectified the vulnerability.
The method of exploit was alarmingly straightforward. The hackers utilized a VPN to mimic their location near the target account. Subsequently, they requested Meta’s AI Support Assistant to incorporate a new email address into the victim’s account. The chatbot complied by sending a verification code to the hacker’s email and offering a password reset option—all without confirming the requester’s identity.
Security researcher, Jane Wong, reported that her account was also breached, with the password being altered without her consent. As per cybersecurity experts, the attack was only effective on accounts that had not enabled multi-factor authentication. Ian Goldin from Lumen’s Black Lotus Labs cautioned that “AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks.”
Andy Stone, Meta’s Vice President of Communications, confirmed on X that “this issue has been resolved and we are securing impacted accounts.” This incident underscores the escalating concerns about the deployment of AI chatbots with elevated privileges for sensitive account recovery functions. The bots can be easily manipulated through social engineering.
Source: TechCrunch