Instagram AI Chatbot Exploited by Hackers to Seize User Accounts

Meta has confirmed that it has patched a security flaw that allowed attackers to manipulate Instagram’s artificial intelligence support tool into granting them access to other users' profiles.

Recent screenshots and videos circulating on social media suggest that the platform’s AI assistant was exploited to "hijack" accounts. According to reports, hackers were able to reset passwords for targeted profiles by spoofing their geographic location and subsequently requesting that the AI update the account’s associated email address.

"This issue has been resolved and we are securing impacted accounts," Meta spokesperson Andy Stone stated in a message posted on X. Stone also addressed and dismissed rumors that the vulnerability had been used to compromise the accounts of world leaders, labeling such claims as "totally false."

However, the timing of the reported exploits has drawn attention due to a concurrent wave of high-profile account takeovers. Tech publication 404media noted that these incidents overlapped with the compromise of several prominent profiles, including a verified account linked to Barack Obama during his presidency. Before the account was restored, it reportedly posted content supporting Iran.

While the total number of compromised accounts remains unknown, high-profile security experts have confirmed they were affected. Jane Manchun Wong, a security researcher and former Meta employee, took to X to describe her experience. "My Instagram password got changed without my knowledge and I was getting different password reset attempts throughout yesterday," she wrote, adding, "Quite concerning."

This event highlights growing anxieties regarding the security implications of increasingly sophisticated AI systems. Social media videos purported to demonstrate the mechanics of the exploit. In one clip, shared by cybersecurity expert Dark Web Informer on X, a user is seen searching for a target username within Instagram’s recovery flow. The attacker utilizes a virtual private network (VPN) to mask their location and mimic the legitimate account holder.

Once the target account is selected, the attacker messages Meta AI’s support assistant, requesting a new email be linked to the profile and a verification code be sent. The bot complies, delivering the code to the hacker’s email. Upon verification, the attacker receives an email containing a link to reset the password, thereby gaining full control of the account.

Frustration with the lack of human intervention has also surfaced. One X user reported being unable to reach human customer service after their account was breached. "We're at the point where one AI stole it and another can't fix it, zero humans in the loop anywhere," the user commented.

The BBC has reached out to Meta to inquire about the availability of human support for users dealing with hacked accounts. Meta has previously faced criticism for insufficient support when accounts are hacked or incorrectly suspended. Last week, an independent dispute resolution body in the EU reported that Meta rarely responds to cases where users claim they were wrongfully banned. These support issues arise as the company undergoes significant workforce reductions while simultaneously investing billions in AI development.

To follow the world's top tech stories and trends. Outside the UK? Sign up here.

Source: BBC News Generated at: 2026-06-02 11:40:02 UTC