CATEGORIES
home IT Infrastructure Security

Hackers Exploit Meta's AI Chatbot To Hijack Prominent Instagram Accounts

by Alan VelascoWednesday, June 03, 2026, 03:25 PM EDT
meta ai chatbot exploit account takeover hero
Meta has deployed an “AI support assistant” to help handle customer service requests, which is a monumental task considering the company has hundreds of millions of users worldwide. Unfortunately, hackers discovered that it was possible to convince the chatbot to change the e-mail address associated with an Instagram account and use that to take over some high profile accounts, according to a report by security researcher Brian Krebs.

Some of the notable accounts that were affected by this security loophole include that of former president Barack Obama, the Chief Master Sergeant of US Space Force and cosmetics company Sephora. Once these accounts were compromised the hackers defaced the users’ Instagram pages with pro-Iranian imagery, videos and messages.

Tricking Meta’s AI chatbot didn’t require much effort, as all the hackers had to do was request a password reset for the target account and choose to handle the request using the AI assistant. Once the chat starts the attacker instructs the chatbot to link a new e-mail address, which the attacker controls, to the target account. With that change in place the hacker can receive a one-time security code and change the password to the account. The one hoop the bad actors had to jump through was using a VPN to obtain an IP address near the victim’s location.

meta ai chatbot exploit account takeover body

Thankfully, Meta’s Vice President of Communications, Andy Stone, shared on social media platform X that “this issue has been resolved and we are securing impacted accounts.” While it’s great that the company took care of the problem quickly, it’s unnerving that the AI chatbot was so easily manipulated into giving an unauthorized user access to an account. Hopefully it’s a lesson that Meta and other companies can use to better secure AI systems.

Users are strongly encouraged to have some form of multi-factor authentication in place to protect online accounts, even basic SMS authentication is better than nothing. In this case, this extra security measure would’ve prevented at least some of these account takeovers.
Tags:  security, Privacy, instagram, meta, (nasdaq:meta)
Alan Velasco

Alan Velasco

When Alan isn’t watching his favorite streamers on Twitch he’s writing about tech, gaming and cybersecurity.
 
Opinions and content posted by HotHardware contributors are their own.
 
TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy Policy

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy Policy - Copyright Notice - Terms Of Use