Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts

Hackers exploited Meta's AI support chatbot to steal high-profile Instagram accounts by using a VPN to match the target's region and then asking the bot to change the associated email address. The prompt injection attack, active since February, compromised thousands of accounts before Meta issued an emergency patch on May 29, following the takeover of accounts including the Barack Obama White House page and the Chief Master Sergeant of Space Force's account.

Meta’s AI support chatbot proved unusually helpful to hackers looking to steal and resell notable Instagram accounts—the hackers simply asking the bot to change the accounts’ associated email addresses while using VPN to mask their true locations. Videos featuring the “shockingly easy” exploit have been circulating among Telegram groups for hackers and security researchers, according to 404 Media https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/ . The exploit allowed hackers to take over and flip valuable Instagram accounts worth hundreds of thousands of dollars on the gray market before Meta implemented an emergency patch on May 29. The Barack Obama White House account https://www.tmz.com/2026/05/31/obama-white-house-hacked-on-instagram/ and the Chief Master Sergeant of Space Force’s account https://taskandpurpose.com/culture/space-force-bentivegna-instagram-hacked/?ref=404media.co also posted pro-Iranian images and messages while they were temporarily compromised. Attackers simply had to use a VPN to approximately match their location to the target Instagram account’s region, begin a password reset process, and then ask Meta’s AI support chatbot to change the email address associated with the account, according to 404 Media. It’s a very straightforward prompt injection https://arstechnica.com/tag/prompt-injection/ attack. Neowin reported https://www.neowin.net/news/people-are-using-prompt-injection-to-trick-metas-ai-into-handing-over-instagram-accounts/ having the exploit as being “active in the wild for months, going as far back as February of this year, with hackers compromising thousands of accounts.” But the exploit seems to have gained more public notice in recent days with the compromise of high-profile accounts. Prominent researchers, such as Jane Manchun Wong, https://x.com/wongmjane/status/2061456887959474393 have also recently reported that their accounts were hacked. On May 31, the pseudonymous open source intelligence researcher ZachXBT https://x.com/zachxbt/status/2061251183675949365 posted on X about how “the Meta AI support is garbage and has lots of access perms which allowed you to reset passwords to any user without 2FA and did not verify who you are.” At the same time, the researcher Dark Web Informer https://x.com/zachxbt/status/2061251183675949365 described the same exploit https://x.com/DarkWebInformer/status/2061253599758315527?ref src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E2061253599758315527%7Ctwgr%5E5eb6a968bb1cea1f2b3fc5e955289ac51fa72ed5%7Ctwcon%5Es1 c10&ref url=https%3A%2F%2Fcybersecuritynews.com%2Finstagram-meta-ai-vulnerability%2F on X while noting it had been recently patched.