Cybercriminals have used Meta's AI support assistant to carry out mass account takeovers on Instagram. This was reported by 404 Media, citing security researchers' findings.

The hackers employed a method known as direct "prompt injection": they asked the chatbot to change the email address linked to the profile. The only additional requirement for success was using a VPN that matched the geolocation of the true account owner.

Once the bot changed the email settings without further identity verification, the attackers initiated the standard password reset procedure, gaining full control of the account.
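The control that was missing in the flow described above, as an added example (not Meta's code and not from the reporting): a deterministic gate between the chat model and account-changing tools, which requires a one-time code delivered to the address already on file and treats a geolocation match as insufficient. `ToolGate`, the action names and the TTL are hypothetical.

```python
import hmac, hashlib, secrets, time

# Hypothetical names throughout; this is not any vendor's real API.
SENSITIVE = {"change_email", "change_phone", "disable_2fa"}
CHALLENGE_TTL = 600  # seconds a step-up code stays valid


class ToolGate:
    """Deterministic check between the chat model and account-mutating tools."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._pending = {}  # (account_id, action) -> (code digest, expiry)

    def _digest(self, account_id, action, code):
        msg = f"{account_id}|{action}|{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue_challenge(self, account_id, action, now=None):
        """Create a one-time code. The caller must deliver it to the address
        ALREADY on file, never to an address supplied in the chat."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**8):08d}"
        self._pending[(account_id, action)] = (
            self._digest(account_id, action, code), now + CHALLENGE_TTL)
        return code

    def authorize(self, account_id, action, proof=None, geo_match=False, now=None):
        """Return (allowed, reason). geo_match is accepted but never consulted:
        a matching location alone does not prove ownership."""
        now = time.time() if now is None else now
        if action not in SENSITIVE:
            return True, "non-sensitive action"
        if proof is None:
            return False, "step-up verification required"
        entry = self._pending.pop((account_id, action), None)  # single use
        if entry is None:
            return False, "step-up verification required"
        digest, expiry = entry
        if now > expiry:
            return False, "challenge expired"
        if not hmac.compare_digest(digest, self._digest(account_id, action, proof)):
            return False, "invalid proof"
        return True, "verified via existing contact channel"
```

The model can ask for the tool call as persuasively as it likes; the decision is made by code that never sees the conversation text.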

Scope of the Problem

Among the compromised profiles were the archived account of the White House from Barack Obama's presidency, the page of U.S. Space Force Chief Master Sergeant John Bentivegna, and the official profile of the Sephora brand. According to former Meta employee Jane Wong, her personal accounts were also hacked.

Hackers managed to post pro-Iranian content on the White House profile. Other criminals sought rare "short" usernames for resale on dark web forums.

The Meta AI Support Assistant was launched in March, marketed as a solution for automating access recovery "from start to finish."

Company representative Andy Stone announced that the vulnerability has been fixed.

This issue has been resolved and we are securing impacted accounts.

— Andy Stone (@andymstone) June 1, 2026

Expert Opinions

Experts interviewed by MIT Technology Review described the incident as a failure of basic security protocols. Somesh Jha, a professor at the University of Wisconsin-Madison, noted that AI agents are "too eager to complete tasks" and overlook security questions that a human would typically ask.

Experts emphasized that Meta neglected thorough "red teaming" before deploying AI in critical areas like security settings management.

It is worth noting that in May, Socket reported a supply-chain attack targeting developers of cryptocurrency and AI systems.