We use essential cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience, personalize content, customize advertisements, and analyze website traffic. For these reasons, we may share your site usage data with our social media, advertising, and analytics partners. By clicking ”Accept,” you agree to our website's cookie use as described in our Cookie Policy. You can change your cookie settings at any time by clicking “Preferences.”

TechDogs-"Meta’s AI Support Bot Exploit Let Hackers Hijack Instagram Accounts"

Cyber Security

Meta’s AI Support Bot Lets Hackers Hijack Instagram Accounts

By Utkarsh Hiwale

Updated on Tue, Jun 2, 2026

Overall Rating

Meta’s AI-powered support assistant, built to help users recover Facebook and Instagram accounts faster, was reportedly exploited to hijack Instagram profiles by letting attackers add their own email addresses and reset passwords, raising fresh concerns about AI agents handling sensitive account-security workflows.


TL;DR

 
  • Hackers reportedly tricked Meta’s AI support assistant into linking attacker-controlled emails to Instagram accounts.
  • The exploit affected high-profile accounts, including the Obama-era White House Instagram handle, according to reports.
  • Meta said the issue has been resolved and that it is securing impacted accounts.
  • The incident highlights the risk of giving AI support agents permission to perform account-level actions.


Meta’s own AI support assistant has landed at the center of a serious Instagram security incident.


According to reports from The Verge, hackers were able to hijack Instagram accounts by asking Meta’s AI-powered support chatbot to add a new email address to a target account, receive a verification code on that attacker-controlled email, and then reset the account password.

CDN mediaSource


The attack did not reportedly require access to the victim’s original email inbox, phishing links, or malware. In one demonstration shared online, the hacker asked the chatbot to link a new email address, received a code, gave it back to the assistant, and was then shown a password reset option.


The issue was first reported by 404 Media and then picked up by several major outlets. The Verge reported that the flaw appeared around the same time Barack Obama’s former White House Instagram account, @obamawhitehouse, began posting Iranian propaganda. Other reportedly affected accounts included beauty retailer Sephora and the US Space Force Chief Master Sergeant.


Some attackers also appeared to use VPNs to make it look as if they were contacting support from the same region as the targeted account holder, helping them bypass location-based safeguards. The Verge noted that attackers seemed to target high-value Instagram handles, including short or single-word usernames.


Security researcher Jane Manchun Wong also said her Instagram account was taken over. “The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” Wong wrote, according to The Verge.


Meta has acknowledged the issue and says it has fixed the flaw.


“This issue has been resolved and we are securing impacted accounts,” Meta communications head Andy Stone said in a statement shared on X and cited by The Verge and The Guardian. Meta has not publicly disclosed how many accounts were affected.


The incident is especially notable because Meta only recently expanded its AI support assistant across Facebook and Instagram. In a March 2026 company update, Meta said the assistant was designed to provide 24/7 support and could help with account issues such as password resets, privacy settings, scams, impersonation accounts, and profile settings. Meta also said the assistant could respond to requests typically in under five seconds.


At launch, Meta positioned the tool as a way to make support faster and more action-oriented. “The Meta AI support assistant is a major step in our work to deliver stronger support on our apps,” the company said in its announcement.


However, this incident shows the flip side of action-taking AI agents. When a chatbot is allowed to perform sensitive account-management tasks, such as email changes and password resets, the system’s security depends not just on the model’s answers, but on whether the surrounding verification process can reliably confirm who is making the request.

 

Topics for more insights: 



The broader takeaway is not that AI support is inherently unsafe, but that customer-service automation needs strict permission boundaries, identity checks, audit trails, and human escalation for high-risk actions. A support bot that can answer questions is one thing. A support bot that can help change account credentials is another.


For Meta, the exploit adds pressure at a time when the company is rapidly expanding AI across its apps. For users, it is another reminder to keep account security controls such as two-factor authentication, recovery contacts, and login alerts active, although reports indicate the real failure here was on the platform-side verification workflow.

First published on Tue, Jun 2, 2026

Utkarsh Hiwale

Utkarsh Hiwale

Tech Journalist, Content Writer TechDogs

Utkarsh Hiwale is a versatile writer with a professional background spanning technology, market research, and B2B industries. He has crafted a wide range of content including PR materials, research report descriptions, news pieces, blogs, and syndicated articles, covering domains such as AI, data, cybersecurity, fintech, martech, and IoT. Known for his clear and engaging style, Utkarsh specializes in writing introductory guides, insightful blogs, and product-focused listicles that make complex topics accessible to diverse audiences.

Enjoyed what you read? Great news – there’s a lot more to explore!

Dive into our content repository of the latest tech news, a diverse range of articles spanning introductory guides, product reviews, trends and more, along with engaging interviews, up-to-date AI blogs and hilarious tech memes!

Also explore our collection of branded insights via informative white papers, enlightening case studies, in-depth reports, educational videos and exciting events and webinars from leading global brands.

Head to the TechDogs homepage to Know Your World of technology today!

Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. While we aim to provide valuable and helpful information, some content on TechDogs' site may not have been thoroughly reviewed for every detail or aspect. We encourage users to verify any information independently where necessary.

Tags:

Cyber AttackCyber Security ManagementCyber ThreatCybercrimeMeta AI Support Bot Instagram Account Hijack AI Chatbot Exploit Meta Cybersecurity

Join The Discussion

Trending TD NewsDesk

Join Our Newsletter

Get weekly news, engaging articles, and career tips-all free!

By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.

Home

Hot Topic: AI

News

Articles

Branded Insights

  • Dark
  • Light