Hackers Trick Meta AI Support Chatbot to Seize Instagram Accounts

Attackers exploited Meta's AI-powered support chatbot to hijack Instagram accounts by tricking the bot into linking victim accounts to attacker-controlled emails and using chatbot-generated verification codes to reset passwords, according to multiple news outlets. High-profile accounts including the former White House account used by Barack Obama, Sephora, and a senior U.S. Space Force official were reportedly affected. Meta spokesperson Andy Stone stated the issue has been fixed, and the company is securing impacted accounts.

Multiple news outlets report that attackers exploited Meta's AI-powered support chatbot to take control of Instagram accounts by asking the bot to link a victim's account to an email the attacker controlled, then using the chatbot-sent verification code to reset passwords. Reuters, BBC, TechCrunch, Business Insider and Schneier on Security present videos and screenshots showing the flow, and multiple high-profile accounts were reportedly affected, including the former White House account used by Barack Obama, Sephora, and a senior U.S. Space Force official (reports: Reuters, TechCrunch, BBC). Meta spokesperson Andy Stone wrote on X that "the issue that did happen has already been fixed," TechCrunch reported, and Reuters said Meta is securing impacted accounts. Security researcher Jane Manchun Wong told Reuters it took about 5 to 10 minutes to reinstate her account.

What happened

News outlets and independent security researchers report that attackers persuaded Meta's AI support chatbot to facilitate Instagram account takeovers.
Screenshots and videos shared on social media and cited by Reuters, BBC and Schneier on Security show an attacker using a VPN to spoof location, asking the chatbot to add a new email address to a target account, receiving a verification code sent to the attacker's email, and then using the chatbot's presented "Reset Password" flow to set a new password. Reuters and TechCrunch list affected profiles including the former White House Instagram account associated with Barack Obama, Sephora, and a senior U.S. Space Force official; BBC and TechCrunch document the social-media posts and alleged demonstrations. Meta spokesperson Andy Stone wrote on X that "the issue that did happen has already been fixed," TechCrunch reported, and Reuters wrote that Meta said it was securing impacted accounts. Reuters also reported the company's shares fell by more than 5% after the episode.

Technical details

Editorial analysis - technical context: Public reporting frames the incident as a combination of social engineering, location spoofing via VPN and weaknesses in an automated account-recovery flow. Reuters and other outlets describe the attack class as a form of "prompt injection," where user input manipulates an AI assistant into performing privileged actions without independent identity verification. Industry commentary in TechCrunch, Bitdefender and security blogs highlights that the chatbot completed the full recovery workflow, sending a verification code to an attacker-controlled email and enabling a password reset, without human intervention, creating a short, automatable path to account takeover.

Context and significance

Observers and security researchers portrayed the incident as a notable failure mode for putting high-trust security operations behind an LLM-driven interface. Bruce Schneier wrote on Schneier on Security that "LLM chatbots are not trustworthy enough for this application," framing the event as illustrative of broader trust limits for current generative models.
Reuters noted investor concern about Meta's accelerated AI spending after the incident; Reuters reported Meta shares dipped following news that high-profile accounts were compromised. Multiple outlets, including TechCrunch and BBC, reported that victims and researchers posted evidence of the exploit and that discussions of the technique circulated in chat and Telegram channels.

What to watch

For practitioners, key indicators to monitor include:

- public disclosure of a post-incident technical postmortem or audit from Meta detailing the exact authorization checks bypassed;
- how account-recovery and privileged workflows are instrumented for audit logs and human escalation points;
- whether social-engineering vectors such as location spoofing and email-verification flows are reworked or rate-limited;
- regulatory or platform responses that could mandate stronger multi-factor or out-of-band verification for high-risk account actions.

Industry watchers should also track whether similar takeovers appear on other platforms that expose automated recovery flows to conversational agents.

Scoring Rationale

This is a notable, practitioner-relevant security incident showing concrete abuse of an LLM-driven recovery flow. It does not change fundamental model capabilities, but it raises operational-security concerns for production automation of high-trust tasks.
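As an added illustration (not code from Meta or from any of the cited reports), the Python below models the authorization decision that the Technical details section says was missing, alongside the controls the What to watch list names: identity proof independent of the chat, verification codes sent only to already-verified contacts, audit logging, and human escalation on anomalies or repeated attempts. Tool names, session fields and the sample account are constructed assumptions.

```python
from dataclasses import dataclass, field

# Tool names and session fields are hypothetical, chosen to mirror the reported flow.
PRIVILEGED_TOOLS = {"add_email", "send_verification_code", "reset_password"}
MAX_RECOVERY_ATTEMPTS = 3

@dataclass
class Account:
    user_id: str
    verified_emails: set                      # contacts the owner proved control of earlier
    audit_log: list = field(default_factory=list)

@dataclass
class Session:
    oob_verified: bool = False   # requester proved control of an existing contact or 2FA factor
    geo_anomaly: bool = False    # upstream flag, e.g. location inconsistent with account history
    recovery_attempts: int = 0

def weak_authorize(account, session, tool, args):
    """The flow the reporting describes: whatever the assistant asks for is executed."""
    account.audit_log.append((tool, "allow"))
    return "allow"

def hardened_authorize(account, session, tool, args):
    """Return 'allow', 'deny' or 'escalate' for an assistant-requested tool call."""
    if tool not in PRIVILEGED_TOOLS:
        decision = "allow"
    elif tool == "send_verification_code" and args.get("to") not in account.verified_emails:
        # Codes go only to contacts the owner already verified, never to a freshly added one.
        decision = "deny"
    elif not session.oob_verified:
        # Privileged actions need identity proof independent of the chat transcript.
        decision = "deny"
    elif session.geo_anomaly or session.recovery_attempts >= MAX_RECOVERY_ATTEMPTS:
        decision = "escalate"  # hand off to a human reviewer instead of auto-completing
    else:
        decision = "allow"
    account.audit_log.append((tool, decision))  # every request is recorded for audit
    return decision

def replay_reported_flow(authorize):
    """Replay the reported add-email / send-code / reset sequence against a policy."""
    acct = Account("victim", {"owner@example.com"})          # constructed sample account
    sess = Session(oob_verified=False, geo_anomaly=True)      # VPN-fronted, unverified requester
    steps = [("add_email", {"email": "new@example.net"}),
             ("send_verification_code", {"to": "new@example.net"}),
             ("reset_password", {"new_password": "<redacted>"})]
    return [authorize(acct, sess, tool, args) for tool, args in steps]
```

Under the weak policy all three steps return "allow", which is the short automatable path the commentary describes; under the hardened policy each step is denied and logged before any code leaves the system.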