What's happened
Hackers have exploited Meta's AI-powered support chatbot to hijack high-profile Instagram accounts, including Barack Obama's White House handle, Sephora, and the Space Force chief master sergeant. After an attacker added a new email address to an account, the bot triggered a rapid password reset flow; the attackers used VPNs to spoof their locations. Meta says the issue has been resolved and that affected accounts are being secured, while experts warn of broader AI-security risks.
What's behind the headline?
Key takeaways
- The exploit demonstrates a classic ‘confused deputy’ scenario where an AI with elevated permissions can be nudged to perform actions on behalf of an attacker.
- MFA, especially SMS-based codes, remains a critical defense, but the attack still bypassed some protections for users who had not enabled stronger MFA.
- The incident underscores the need for out-of-band verification, strict flow controls, and robust action logging for AI-initiated account changes.
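As an added illustration (not Meta's code; the tool names, token format and 24-hour cooling-off window are assumptions), a policy gate that applies the three controls above to an assistant's account-change requests: confirmation must arrive via the account's existing primary email so a freshly added address cannot confirm itself, a password reset is refused during a cooling-off window after a new email is added, and every attempt is logged whether allowed or not.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy values (illustration only, not Meta's):
SENSITIVE = {"add_email", "password_reset"}
COOLDOWN = 24 * 3600  # no password reset within 24h of a new email being added


@dataclass
class OobToken:
    """Confirmation code delivered out of band, bound to the channel it went to."""
    channel: str   # email address the code was sent to
    expires: int   # unix time after which the code is dead


@dataclass
class Account:
    primary_email: str
    emails: set = field(default_factory=set)
    last_email_added_at: Optional[int] = None


@dataclass
class ActionGate:
    """Sits between the assistant's tool calls and the account service."""
    audit_log: list = field(default_factory=list)

    def _decide(self, action, account, allowed, reason, now):
        # Every AI-initiated attempt is logged, denied or not.
        self.audit_log.append({"ts": now, "initiator": "ai_assistant", "action": action,
                               "target": account.primary_email, "allowed": allowed, "reason": reason})
        return allowed

    def request(self, account, action, now, params=None, token=None):
        params = params or {}
        if action not in SENSITIVE:
            return self._decide(action, account, True, "non-sensitive", now)
        # Out-of-band check: the code must have gone to the *existing* primary
        # email, so an address the assistant just added cannot confirm itself.
        if token is None or token.expires <= now or token.channel != account.primary_email:
            return self._decide(action, account, False, "no valid confirmation via primary email", now)
        if action == "add_email":
            account.emails.add(params["email"])
            account.last_email_added_at = now
            return self._decide(action, account, True, "confirmed", now)
        # Flow control: a reset right after a new email is the pattern to stop.
        if account.last_email_added_at is not None and now - account.last_email_added_at < COOLDOWN:
            return self._decide(action, account, False, "cooling-off after email change", now)
        return self._decide(action, account, True, "confirmed", now)
```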
What this means for users
- Expect ongoing assessments of AI-driven support tools and potential patches to harden identity verification.
- Users should ensure MFA is enabled and consider password hygiene and monitoring for unusual login activity.
Potential outcomes
- Meta will likely enhance verification gates and logging around AI-driven account changes.
- Regulators and security researchers may increase scrutiny of how consumer tools deploy AI with elevated permissions.
How we got here
The incident follows Meta's rollout of an AI support assistant for Facebook and Instagram. Security researchers started reporting hijacks over the weekend, prompting Meta to acknowledge and patch the flaw. The attack relied on prompt injection into the AI assistant to initiate account changes without traditional verification, exposing gaps in AI-managed security workflows.
Our analysis
Business Insider UK reported the incident over the weekend, noting that Barack Obama's account, Sephora, and Space Force's chief master sergeant were affected before being restored. The Guardian confirms Meta's statement that the issue has been resolved. Ars Technica and TechCrunch detail the method: attackers used a VPN, engaged the Meta AI Support Assistant to add a new email, and entered verification codes to trigger a password reset. KrebsOnSecurity highlights MFA as a partial defense. All cite 404 Media for the core exploit visuals and the broader context of AI-enabled account manipulation.
Go deeper
- What protections are most effective against AI-driven account changes?
- Should users push for mandatory MFA or hardware keys?
- When will Meta publish a detailed technical breakdown of the patch?