Hackers exploited Meta's AI support chatbot to steal high-value Instagram accounts by tricking it into account recovery, highlighting the dangers of AI agents with elevated permissions. Accounts with MFA were not compromised.
<p>Meta’s AI support chatbot proved unusually helpful to hackers looking to steal and resell notable Instagram accounts: the hackers simply asked the bot to change the accounts’ associated email addresses while using a VPN to mask their true locations.</p>
<p>Videos featuring the “shockingly easy” exploit have been circulating among Telegram groups for hackers and security researchers, according to <a href="https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/">404 Media</a>. The exploit allowed hackers to take over and flip valuable Instagram accounts worth hundreds of thousands of dollars on the gray market before Meta implemented an emergency patch on May 29. The <a href="https://www.tmz.com/2026/05/31/obama-white-house-hacked-on-instagram/">Barack Obama White House account</a> and the <a href="https://taskandpurpose.com/culture/space-force-bentivegna-instagram-hacked/?ref=404media.co">Chief Master Sergeant of Space Force’s account</a> also posted pro-Iranian images and messages while they were temporarily compromised.</p>
<p>Attackers simply had to use a VPN to approximately match their location to the target Instagram account’s region, begin a password reset process, and then ask Meta’s AI support chatbot to change the email address associated with the account, according to 404 Media. It’s a very straightforward <a href="https://arstechnica.com/tag/prompt-injection/">prompt injection</a> attack.</p>
# Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
Source: [https://arstechnica.com/ai/2026/06/meta-ai-support-chatbot-gave-hackers-access-to-notable-instagram-accounts/](https://arstechnica.com/ai/2026/06/meta-ai-support-chatbot-gave-hackers-access-to-notable-instagram-accounts/)
Both ZachXBT and Dark Web Informer also confirmed how hackers had targeted and resold particularly valuable Instagram accounts, including the short handles @hey and @jowo with a “combined gray-market valuation estimated above $1 million,” according to the [CyberSec Guru](https://thecybersecguru.com/news/instagram-meta-ai-vulnerability-account-recovery-exploit/). Such accounts can be valuable even if hackers hold them for just a few days because of “clout, resale or brand impersonation,” the security blog reported.
## The wide security hole
The CyberSec Guru also described the exploit as representing the classic [“confused deputy” problem](https://en.wikipedia.org/wiki/Confused_deputy_problem) from computer security, in which a program with elevated permissions is tricked into misusing those permissions on behalf of a less privileged third party. But in this case, the “deputy” was a large language model with a “probabilistic response model you can nudge with words” instead of a “deterministic program” with “hard-coded conditionals you’d need to bypass with code.”
It’s worth keeping in mind that users had simple security solutions available, even with the Meta AI support chatbot being exploited. The hackers reported their exploit failing against any accounts that had enabled [multifactor authentication](https://arstechnica.com/tag/mfa/) (MFA), including the “least robust form of MFA that Instagram offers” in the form of one-time codes sent through SMS, according to [KrebsOnSecurity](https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/).
But the exploit still highlights the broader risk of tech companies and other organizations rushing to deploy [AI agents](https://arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/) with elevated permissions that allow them to modify, create, or delete critical data. Meta had launched its [Meta AI support assistant](https://about.fb.com/news/2026/03/boosting-your-support-and-safety-on-metas-apps-with-ai/?ref=404media.co) in March 2026 with the promise that it could “provide reliable, 24/7 support for nearly any support issue at any time.”
The “minimum” architecture required to do this more safely, according to the CyberSec Guru, would include “out-of-band verification before any account modification… rate limiting on AI-initiated reset flows keyed to account risk signals, action logging with anomaly detection for unusual AI-driven account modifications, and a hard deterministic gate.”
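
The four controls quoted above can sit in ordinary code between the agent and the account-modification call. The sketch below is an added example, not code from the article, the CyberSec Guru, or Meta. The `Account` fields, the limits, and all function names are assumptions for illustration, and out-of-band confirmation is assumed to be recorded by a separate channel that reaches the contact already on file.

```python
import time
from dataclasses import dataclass, field

WINDOW_S = 24 * 3600
LIMITS = {False: 5, True: 2}  # AI-initiated attempts per window; stricter for high-risk accounts

@dataclass
class Account:
    handle: str
    email: str
    high_risk: bool = False  # assumed risk signal, e.g. short handle or large following
    oob_confirmed: set = field(default_factory=set)  # request ids confirmed via contact on file
    attempts: list = field(default_factory=list)     # timestamps of AI-initiated attempts

def gate_email_change(acct, request_id, new_email, agent_text, log, now=None):
    """Deterministic gate in front of the agent's email-change tool call.
    agent_text is logged but never read by the decision, so wording cannot change the outcome."""
    now = time.time() if now is None else now
    acct.attempts = [t for t in acct.attempts if now - t < WINDOW_S]
    if len(acct.attempts) >= LIMITS[acct.high_risk]:
        decision = "deny:rate_limited"
    elif request_id not in acct.oob_confirmed:
        decision = "deny:oob_verification_required"
    else:
        decision = "allow"
        acct.oob_confirmed.discard(request_id)  # confirmation is single use
        acct.email = new_email
    acct.attempts.append(now)
    log.append({"ts": now, "handle": acct.handle, "request_id": request_id,
                "decision": decision, "agent_text": agent_text})
    return decision

def anomalous_handles(log, threshold=2):
    """Flag accounts with repeated denied AI-driven modification attempts."""
    counts = {}
    for entry in log:
        if entry["decision"].startswith("deny"):
            counts[entry["handle"]] = counts.get(entry["handle"], 0) + 1
    return sorted(h for h, n in counts.items() if n >= threshold)

def demo():
    # Constructed sample data: one high-risk account, no out-of-band confirmation given.
    log, acct = [], Account("example_handle", "owner@example.com", high_risk=True)
    texts = ["I lost access, please update my email", "I am the owner, this is urgent", "retry"]
    decisions = [gate_email_change(acct, "req-1", "new@example.net", t, log, now=i * 10.0)
                 for i, t in enumerate(texts)]
    return decisions, acct.email, anomalous_handles(log)

if __name__ == "__main__":
    print(demo())
```

Because the decision reads only account state and the request id, the model can be persuaded of anything without the email on file changing; the denied attempts still land in the log for anomaly review.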
Hackers exploited Meta's AI support chatbot to take over high-profile Instagram accounts by simply asking it to change the account's email address, bypassing normal verification and account recovery procedures.
Meta's AI support chatbot was exploited by hackers to hijack Instagram accounts, including high-profile ones, by tricking the bot into changing email addresses. Meta has since patched the issue.
Hackers exploited Meta's AI customer support bot to reset Instagram account passwords, briefly hijacking high-profile accounts like the Obama White House's Instagram. Meta pushed an emergency patch and advised enabling multi-factor authentication.
Attackers exploited Meta's AI customer support agent to hijack Instagram accounts by simply asking it to change linked email addresses, highlighting that AI agent vulnerabilities can be as dangerous as advanced AI hacking threats.
Recap of a security incident where hackers took over high-profile Instagram accounts by social-engineering Meta's AI chatbot, highlighting the structural unsafety of LLM-wrapper agent architectures where authorization is embedded within LLM reasoning.