Society & Ethics

Meta’s own AI was exploited to hijack Instagram accounts

AI Quick Briefs Editorial Desk · June 1, 2026
Meta’s own AI was exploited to hijack Instagram accounts

What happened

Meta’s AI-powered Instagram support chatbot was exploited by hackers to hijack accounts. A video surfaced on Telegram showing a hacker using the chatbot to request an email change on someone else’s profile. This loophole let the attacker reset passwords and take control of the account. Meta has since patched the vulnerability. The issue surfaced around the time Barack Obama’s White House Instagram account was compromised, highlighting a high-profile incident linked to similar tactics.

The risk

The exploit reveals AI support tools can introduce new attack vectors when they have authority over sensitive account changes. By trusting AI chatbots to handle email resets without strong verification, platforms risk automated social engineering attacks. This raises concerns about deploying AI in customer support functions that handle account security. It shifts risk from traditional phishing or credential theft to manipulation through chatbot interactions.

Why it matters

For businesses and platforms using AI in customer service, this incident pressures security teams to rethink authentication controls around AI-driven workflows. Allowing AI chatbots to perform critical account actions without human oversight or multifactor checks weakens security. It forces operators to balance automation benefits with the risk of granting AI too much power over user accounts while minimizing friction. The breach also lowers trust in AI-assisted support channels for identity management.

Who should pay attention

Security teams, social media operators, and AI product managers need to watch this closely. Any organization integrating AI into account recovery or user support must harden verification checks. Founders and investors in AI customer service solutions should require robust safeguards to avoid similar exploits. Users with valuable or high-profile accounts need to be aware that AI-based support can be an attack vector and remain vigilant.

What to watch next

Monitor how Meta and other tech companies evolve AI chatbot policies to limit authority over account changes. Watch for updated security frameworks integrating AI support tools with strict authentication, audit logs, and anomaly detection. Check for potential regulatory backlash or new industry standards on AI usage in sensitive workflows. The incident may trigger wider caution around AI handling identity data across platforms.

AI Quick Briefs Editorial Desk

Read Full Article →
Related
Amazon Shuts Down Internal AI Leaderboard After Employees Cheated
Amazon Shuts Down Internal AI Leaderboard After Employees Cheated
Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked
Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked
DuckDuckGo makes its ‘no-AI’ search engine easier to access as its traffic booms
DuckDuckGo makes its ‘no-AI’ search engine easier to access as its traffic booms
Stay ahead of AI Get the most important AI news delivered to your inbox — free.
Subscribe →