Hackers Used Meta AI Support Bot to Hijack High-Profile Instagram Accounts

_{Photo credit: Brett Jordan / Unsplash.com}

Hackers exploited Meta’s AI-powered support chatbot to gain access to high-profile Instagram accounts by persuading the system to replace account email addresses with attacker-controlled ones. Meta says the issue has now been fixed.

The reports emerged following a wave of account compromises affecting profiles connected to public figures, brands, and government organizations. Among the accounts reportedly affected were the former Obama White House Instagram account, beauty retailer Sephora, and accounts linked to US military personnel.

According to screenshots and videos circulating online, attackers allegedly interacted directly with Meta’s support chatbot and requested email changes for targeted accounts. Once a new email address was associated with an account, attackers could trigger password reset flows and take control of accounts without accessing the victim’s inbox. Some reports say that the attackers used a VPN to simulate the target’s location and evade automated safeguards.

Meta confirmed that the vulnerability has been addressed but has not disclosed how many users may have been impacted. Company representatives stated that affected accounts are being secured and emphasized that there was no broader compromise of Meta systems.

The incident is likely to add to ongoing concerns about the expansion of AI into customer support and account recovery workflows. Earlier this year, Meta expanded AI-powered support features across its platforms, giving automated systems greater ability to handle password resets, account recovery, and other sensitive actions previously handled through traditional support channels.