Title: Meta AI Chatbot Exploited to Compromise Instagram Accounts

Instagram has patched a vulnerability that enabled attackers to seize control of user accounts by deceiving the platform’s AI-driven customer service bot. The breach, which came to light over the weekend, involved social media users on Reddit and X reporting unauthorized access to their profiles. Notable targets included the long-inactive Instagram handle for the Obama-era White House and the profile of U.S. Space Force Chief Master Sergeant John Bentivegna. Security expert Jane Wong also confirmed her account was compromised, noting, “The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” adding, “Quite concerning.”

A video circulated on X detailed the method used to execute the hack. According to the footage, the attacker utilized a VPN to mask their true location, thereby bypassing Instagram’s automated security measures. The perpetrator then initiated a conversation with Meta AI Support Assistant, requesting that a new email address be added to the victim’s profile. The bot subsequently dispatched a verification code to the hacker-provided email. Upon receiving this code, the hacker input it into the chat, prompting the assistant to display a “Reset Password” option. The attacker then set a new password, effectively locking the legitimate user out.

TechCrunch verified the validity of the attack by confirming that the public email address shown in the video successfully received the verification code. The exploit’s core weakness was that it never required the hacker to gain access to the victim’s actual linked email account.

On Monday, Instagram spokesperson Andy Stone addressed Wong’s post and similar reports, confirming that the security flaw had been resolved. The exact number of affected users remains unknown, and Meta has not yet responded to TechCrunch’s request for further comment.

Contact Us Have additional details regarding these Instagram breaches or other platform vulnerabilities? We welcome your input. For secure communication from a personal device and network, you may reach Lorenzo Franceschi-Bicchierai via Signal at +1 917 257 1382, or through Telegram and Keybase using the handle @lorenzofb.

Source: TechCrunch Generated at: 2026-06-01 18:34:32 UTC