Meta AI support chatbot gave hackers access to notable Instagram accounts

June 1, 2026

Pricey Instagram handles were stolen and resold before Meta patched the exploit.

[Image: The Meta AI logo is seen on a smartphone screen. Credit: Marcin Golba/NurPhoto via Getty Images]

Meta’s AI support chatbot proved unusually helpful to hackers looking to steal and resell notable Instagram accounts: the hackers simply asked the bot to change the accounts’ associated email addresses while using a VPN to mask their true locations.

Videos featuring the “shockingly easy” exploit have been circulating among Telegram groups for hackers and security researchers, according to 404 Media. The exploit allowed hackers to take over and flip valuable Instagram accounts worth hundreds of thousands of dollars on the gray market before Meta implemented an emergency patch on May 29. The Barack Obama White House account and the Chief Master Sergeant of Space Force’s account also posted pro-Iranian images and messages while they were temporarily compromised.

Attackers simply had to use a VPN to approximately match their location to the target Instagram account’s region, begin a password reset process, and then ask Meta’s AI support chatbot to change the email address associated with the account, according to 404 Media. It’s a very straightforward prompt injection attack.

Neowin reported the exploit as being “active in the wild for months, going as far back as February of this year, with hackers compromising thousands of accounts.” But the exploit seems to have gained more public notice in recent days with the compromise of high-profile accounts. Prominent researchers, such as Jane Manchun Wong, have also recently reported that their accounts were hacked.

On May 31, the pseudonymous open source intelligence researcher ZachXBT posted on X about how “the Meta AI support is garbage and has lots of access perms which allowed you to reset passwords to any user without 2FA and did not verify who you are.” At the same time, the researcher Dark Web Informer described the same exploit on X while noting it had been recently patched.

Both ZachXBT and Dark Web Informer also confirmed how hackers had targeted and resold particularly valuable Instagram accounts, including the short handles @hey and @jowo with a “combined gray-market valuation estimated above $1 million,” according to the CyberSec Guru. Such accounts can be valuable even if hackers hold them for just a few days because of “clout, resale or brand impersonation,” the security blog reported.

The wide security hole

The CyberSec Guru also described the exploit as representing the classic “confused deputy” problem from computer security, in which a program with elevated permissions is tricked into misusing those permissions on behalf of a less privileged third party. But in this case, the “deputy” was a large language model with a “probabilistic response model you can nudge with words” instead of a “deterministic program” with “hard-coded conditionals you’d need to bypass with code.”

It’s worth keeping in mind that users had simple security solutions available, even with the Meta AI support chatbot being exploited. The hackers reported their exploit failing against any accounts that had enabled multifactor authentication (MFA), including the “least robust form of MFA that Instagram offers” in the form of one-time codes sent through SMS, according to KrebsOnSecurity.

But the exploit still highlights the broader risk of tech companies and other organizations rushing to deploy AI agents with elevated permissions that allow them to modify, create, or delete critical data. Meta had launched its Meta AI support assistant in March 2026 with the promise that it could “provide reliable, 24/7 support for nearly any support issue at any time.”

The “minimum” architecture required to do this more safely, according to the CyberSec Guru, would include “out-of-band verification before any account modification… rate limiting on AI-initiated reset flows keyed to account risk signals, action logging with anomaly detection for unusual AI-driven account modifications, and a hard deterministic gate.”
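The following is an added illustration, not code from Meta or from the CyberSec Guru, of what a “hard deterministic gate” of the kind described above could look like in front of an LLM support agent, and of why it closes the confused-deputy gap described earlier: the model may propose an account change as structured data, but a plain, non-probabilistic check decides whether it runs. All class names, reason strings, thresholds (a one-hour window, three attempts per account, one when risk signals such as a VPN exit are present, a global burst ceiling of twenty) and the sample account ids are assumptions chosen for the example.

```python
"""Deterministic gate between an LLM support agent and account-modification tools.

Hypothetical example (not Meta's code). The agent only *proposes* an action; this
gate enforces out-of-band verification, per-account rate limits keyed to risk
signals, an audit log, and a burst-anomaly circuit breaker before anything runs.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional

WINDOW_SECONDS = 3600   # assumed: sliding window for limits and anomaly detection
BASE_LIMIT = 3          # assumed: AI-initiated reset attempts per account per window
RISKY_LIMIT = 1         # assumed: tighter limit when risk signals are present
ANOMALY_GLOBAL = 20     # assumed: AI-driven modifications per window before tripping


@dataclass
class ProposedAction:
    """What the agent wants to do, as structured fields rather than free text."""
    action: str        # e.g. "change_email"
    account_id: str
    new_value: str


@dataclass
class SessionContext:
    """Facts established by deterministic systems, never by the conversation."""
    oob_verified_account: Optional[str] = None   # account id confirmed via a code sent out of band
    risk_signals: List[str] = field(default_factory=list)  # e.g. ["vpn_exit", "new_device"]


@dataclass
class Decision:
    allowed: bool
    reason: str


class ActionGate:
    def __init__(self) -> None:
        self.attempts: Dict[str, Deque[float]] = defaultdict(deque)  # per-account attempt times
        self.modifications: Deque[float] = deque()                   # times of allowed changes
        self.audit_log: List[dict] = []
        self.anomalies: List[str] = []

    @staticmethod
    def _prune(q: Deque[float], now: float) -> None:
        """Drop timestamps that have fallen out of the sliding window."""
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()

    def _log(self, p: ProposedAction, ctx: SessionContext, now: float,
             allowed: bool, reason: str) -> Decision:
        # Every proposal is recorded, allowed or not, so unusual patterns can be reviewed.
        self.audit_log.append({"t": now, "action": p.action, "account": p.account_id,
                               "risk": list(ctx.risk_signals), "allowed": allowed, "reason": reason})
        return Decision(allowed, reason)

    def check(self, p: ProposedAction, ctx: SessionContext, now: float) -> Decision:
        # 1. Rate limit AI-initiated attempts per account, tightened by risk signals.
        acct = self.attempts[p.account_id]
        self._prune(acct, now)
        acct.append(now)
        limit = RISKY_LIMIT if ctx.risk_signals else BASE_LIMIT
        if len(acct) > limit:
            return self._log(p, ctx, now, False, "rate_limited")
        # 2. Hard gate: no modification unless *this* account was verified out of band.
        #    Nothing the model says in the conversation can satisfy this check.
        if ctx.oob_verified_account != p.account_id:
            return self._log(p, ctx, now, False, "no_out_of_band_verification")
        # 3. Anomaly detection: a burst of AI-driven changes trips a circuit breaker.
        self._prune(self.modifications, now)
        if len(self.modifications) >= ANOMALY_GLOBAL:
            self.anomalies.append(f"t={now}: burst of AI-driven account modifications")
            return self._log(p, ctx, now, False, "anomaly_circuit_breaker")
        self.modifications.append(now)
        return self._log(p, ctx, now, True, "ok")


def demo() -> List[str]:
    """Replays a constructed attacker-style flow and a legitimate one; returns the reasons."""
    gate = ActionGate()
    attacker = SessionContext(oob_verified_account=None, risk_signals=["vpn_exit"])
    steal = ProposedAction("change_email", "acct-example", "attacker@example.invalid")
    owner = SessionContext(oob_verified_account="acct-owner")
    legit = ProposedAction("change_email", "acct-owner", "owner-new@example.invalid")
    return [gate.check(steal, attacker, 0.0).reason,     # denied: no out-of-band verification
            gate.check(steal, attacker, 10.0).reason,    # denied: risky session hit its limit
            gate.check(legit, owner, 20.0).reason]        # allowed: verified owner


if __name__ == "__main__":
    print(demo())
```

The design point is that the agent never holds the permission itself: the check that the hackers bypassed by talking to the bot is here made on data the conversation cannot influence, and the log plus the burst breaker turn the “thousands of accounts” pattern reported above into a detectable and self-limiting event rather than a silent one.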
