Hackers found a way to exploit Meta’s AI-powered support chatbot to take over Instagram accounts, prompting Instagram to fix the issue after reports of hijacked profiles spread online over the weekend. The attack underscores a growing concern among cybersecurity experts: that people may trust AI systems too readily, even when those systems are helping manage sensitive account changes.
According to TechCrunch, the method involved tricking Meta AI Support Assistant into helping add a new email address to a victim’s Instagram account, then using a verification code and password reset flow to gain access. In the example TechCrunch described, the attacker used a VPN to mask their location, opened a chat with the bot, and asked it to make the change as if it were a legitimate support request. Once the chatbot sent a verification code to the attacker’s chosen email address, the attacker relayed that code back to the bot and was then able to reset the password and take over the account.
The issue came to public attention after several Instagram users said their accounts had been compromised, including claims on Reddit and X, where users posted warnings about similar hijackings. Fast Company reported that the inactive Instagram account for the Obama White House was also defaced over the weekend with pro-Iranian images and messages, though it was not clear from the reporting whether that case was directly tied to the same technique. TechCrunch said Instagram has since resolved the security issue, and company spokesperson Andy Stone said on Monday that the problem had been fixed.
The broader concern is not just the individual hacking method, but the role of AI in sensitive support functions. Tomas Stamulis, the chief security officer at Surfshark, told Business Insider that Meta’s AI assistant was acting like “an inexperienced employee,” highlighting the risk of treating automated systems as though they have human judgment. The incident suggests that if an AI chatbot is allowed to help with account recovery or changes to security settings, attackers may be able to manipulate it in ways that bypass ordinary safeguards.
The case also fits into a wider pattern of Instagram security problems that have affected users over the years. Separate reporting from Infosecurity Magazine has shown that weaknesses in account reset processes can expose large numbers of accounts to takeover, especially when attackers can manipulate email or phone-number settings. In this latest episode, TechCrunch said the attacker never needed control of the victim’s original email account, making the abuse especially concerning because the normal assumption is that email ownership is a key layer of protection.
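The gap described above, where confirming a code sent to a newly supplied address was enough to bind that address to the account, can be closed with a server-side check that any assistant-initiated change must pass. The sketch below is an added example, not Meta's code or anything from the reporting; the `Account`/`Session` model, the factor labels and the function name are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    user_id: str
    verified_emails: set          # addresses already bound to the account (lowercase)
    mfa_enrolled: bool = False

@dataclass
class Session:
    # What the requester has actually proven in this support session,
    # e.g. {"password", "totp", "code:owner@example.com"} (hypothetical labels).
    proven_factors: set = field(default_factory=set)

def authorize_add_email(account, session, new_email):
    """Decide whether a support flow (human or AI) may bind new_email.

    Runs outside the chat model, so nothing typed into the conversation
    can change the outcome. Returns (allowed, reason).
    """
    new_email = new_email.strip().lower()
    if new_email in account.verified_emails:
        return False, "already_bound"

    # A code delivered to new_email proves control of new_email only.
    # It says nothing about the account, so it is excluded from the proof set.
    existing = {f for f in session.proven_factors if f != f"code:{new_email}"}

    knows_password = "password" in existing
    owns_bound_email = any(f"code:{e}" in existing for e in account.verified_emails)
    if not (knows_password or owns_bound_email):
        return False, "no_proof_of_existing_factor"

    # Accounts with two-factor enabled need the second factor as well.
    if account.mfa_enrolled and "totp" not in existing:
        return False, "mfa_required"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample data, not real accounts.
    acct = Account("u1", {"owner@example.com"}, mfa_enrolled=True)
    cases = {
        "code to new address only": Session({"code:requester@example.net"}),
        "password, no second factor": Session({"password"}),
        "password + totp": Session({"password", "totp"}),
    }
    for label, sess in cases.items():
        print(label, "->", authorize_add_email(acct, sess, "requester@example.net"))
```

A production flow would also notify every previously bound address when a change succeeds, so the owner can see and reverse it.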
For users, the immediate lesson is to treat any unsolicited messages, recovery prompts, or AI-assisted support interactions with caution. Security guidance from official and law-enforcement sources commonly recommends strong, unique passwords and two-factor authentication, along with vigilance about phishing attempts and account recovery requests. For Meta, the episode raises questions about how much authority AI systems should have when they interact with account security, and how to prevent them from being manipulated into helping the wrong person.