A security issue affecting social media platform Instagram allowed attackers to take over user accounts by tricking the Meta AI support chatbot into linking an attacker-controlled email address.
The security bug enabled attackers to compromise numerous high-profile Instagram accounts, including those of politicians, government officials, and cybersecurity experts.
Hackers tricked Meta AI’s support chatbot into compromising Instagram accounts
According to a video shared on X, the hack began with the attacker searching for a target Instagram account to compromise. The attacker used a virtual private network (VPN) service to spoof their location to match that of the targeted user, thereby minimizing the risk of triggering automated account protections.
The attacker then prompted the Meta AI support chatbot to add a secondary email address that could be used to verify the account and perform privileged actions, such as password resets.
Instagram then approved the secondary email address by sending a confirmation code to the attacker-controlled email address. Once the attacker shared the confirmation code with the AI support chatbot, Instagram triggered a password reset.
Upon changing the password, the attacker gained complete control of the Instagram account without compromising the legitimate user’s email address. According to some victims, the AI support chatbot bypassed multi-factor authentication. Others complained that they could not reach human support after being locked out of their accounts.
“I spent 6 hours trying to get human support and Meta’s support AI gave me 4 broken links in a row. we’re at the point where one AI stole it and another can’t fix it, zero humans in the loop anywhere,” a user complained on X.
Meanwhile, Meta says it has fixed the security flaw that allowed hackers to take over Instagram accounts by manipulating its AI support chatbot. Meta spokesperson Andy Stone also denied claims that the Instagram accounts of world leaders were targeted. Nevertheless, the attackers could have abused their access to direct messages, which may have contained sensitive information.
High-profile Instagram accounts hacked via AI support chatbot
The compromised Instagram accounts include those of former U.S. President Barack Obama’s White House, security researcher and former Meta employee Jane Wong, and U.S. Space Force chief master sergeant John Bentivegna.
“The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app,” Wong said.
So far, it remains unclear how many Instagram accounts were hijacked by tricking the Meta AI support chatbot or how long the security issue was exploited.
“This is a great illustration of why AI agent authorization is the harder, and more critical, problem than authentication,” said Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth. “Meta’s bot verified nothing about who was asking; it just helpfully did what it was told to do, up to and including sending the attacker email a confirmation code to make sure the new email address was valid. The industry is pretty focused on keeping AI from saying bad things. That’s fine, as long as we don’t completely overlook whether AI should be allowed to do what it’s trying to do.”
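The authorization gap Moore describes, sketched as an added example (not from the article and not Meta's code): a policy gate placed between a support chatbot and privileged account actions, which treats a code sent to a newly supplied address as proof of nothing about the account. The action names, proof labels and account names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical action and proof names for illustration; not Meta's API.
PRIVILEGED = {"add_recovery_email", "reset_password"}
# Proofs of control over a factor ALREADY on the account. A code sent to a
# newly supplied address ("code_to_new_email") is deliberately absent: it only
# proves the requester owns that new address.
OWNER_PROOFS = {"authenticated_session", "mfa_passed", "code_to_existing_contact"}

@dataclass
class SupportSession:
    verified_account: Optional[str]          # set by the auth backend, never by the agent
    proofs: set = field(default_factory=set)

def authorize(session, action, target_account, mfa_enabled):
    """Decide whether the agent may run `action` on `target_account`."""
    if action not in PRIVILEGED:
        return True, "non-privileged action"
    owner = session.proofs & OWNER_PROOFS
    if not owner:
        return False, "no proof of control over an existing factor"
    if session.verified_account != target_account:
        return False, "proofs belong to a different account"
    if mfa_enabled and "mfa_passed" not in session.proofs:
        return False, "MFA is enrolled and was not completed"
    return True, "owner verified: " + ", ".join(sorted(owner))

def demo():
    # Constructed sessions; "target_user" and "someone_else" are placeholders.
    t = "target_user"
    cases = {
        "new_email_code_only": (SupportSession(None, {"code_to_new_email", "location_match"}), True),
        "other_account": (SupportSession("someone_else", {"authenticated_session"}), False),
        "mfa_skipped": (SupportSession(t, {"code_to_existing_contact"}), True),
        "owner": (SupportSession(t, {"authenticated_session", "mfa_passed"}), True),
    }
    return {name: authorize(s, "add_recovery_email", t, mfa)
            for name, (s, mfa) in cases.items()}

if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:22} {'ALLOW' if allowed else 'DENY '} {reason}")
```

The gate runs outside the model, so no prompt can change its decision; the chatbot can only request an action and relay the result.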
Instagram security breaches
Instagram has experienced numerous security breaches in the past. In 2026, the social media platform experienced a password reset bug that resulted in data from 17.5 million Instagram accounts being advertised for sale on underground cybercrime markets. At the time, Meta denied that the leak stemmed from a compromise of its systems, claiming the data was scraped.
Between 2021 and 2022, stolen Instagram data, including both new and old scraped data, was traded on underground cybercrime forums.
In 2019, Instagram partners scraped millions of user records, leading the social media giant to ban numerous third-party services allegedly involved in platform abuse. In the same year, Instagram reportedly stored passwords in an unencrypted format, making them accessible to its employees.

