Breaking
FRMarine Le Pen candidate à la présidentielle, annonce sa candidature après sa condamnationRUQatar Protests Iran Over Attack on LNG Tanker in Strait of HormuzINTLTour de France Organisers Implement Emergency Measures Amidst Crushing HeatwaveARبدر الرزيزاء يدرس الترشح لرئاسة اتحاد الكرة السعودي.. والاتحاد السعودي للتنس أمام قرار حل مجلس الإدارةRURussia Increases Pipeline Gas Supplies to EU by 5% in H1 2026, IEA ReportsARميسي ينقذ الأرجنتين من الخسارة أمام مصر في كأس العالم، وسويسرا تفقد مانزامبيESArgentina remonta un 0-2 a Egipto y se clasifica para cuartos de final del Mundial 2026INICAI Networking Guidelines Put on Hold Amidst Big 4 LobbyingBRManicure processa prefeitura após enchente destruir sua casaAUTorstein Traeen Takes Tour de France Lead After Pyrenean StageFRMarine Le Pen candidate à la présidentielle, annonce sa candidature après sa condamnationRUQatar Protests Iran Over Attack on LNG Tanker in Strait of HormuzINTLTour de France Organisers Implement Emergency Measures Amidst Crushing HeatwaveARبدر الرزيزاء يدرس الترشح لرئاسة اتحاد الكرة السعودي.. والاتحاد السعودي للتنس أمام قرار حل مجلس الإدارةRURussia Increases Pipeline Gas Supplies to EU by 5% in H1 2026, IEA ReportsARميسي ينقذ الأرجنتين من الخسارة أمام مصر في كأس العالم، وسويسرا تفقد مانزامبيESArgentina remonta un 0-2 a Egipto y se clasifica para cuartos de final del Mundial 2026INICAI Networking Guidelines Put on Hold Amidst Big 4 LobbyingBRManicure processa prefeitura após enchente destruir sua casaAUTorstein Traeen Takes Tour de France Lead After Pyrenean Stage
Newsgather
BackMeta's AI Chatbot Exploited by Hackers to Steal Instagram Accounts
Meta's AI Chatbot Exploited by Hackers to Steal Instagram Accounts
Urgent
Ars Technica6/1/2026Tech3 min readUnited States

Meta's AI Chatbot Exploited by Hackers to Steal Instagram Accounts

Quick Look

  • Hackers exploited Meta's AI support chatbot to steal and resell valuable Instagram accounts by tricking it into changing associated email addresses.
  • The exploit, active for months, bypassed security measures until Meta implemented a patch.

AI-generated summary

Why It Matters

Hackers exploited Meta's AI support chatbot to steal and resell valuable Instagram accounts by tricking it into changing associated email addresses. This exploit, active for months, allowed attackers to compromise high-profile accounts before Meta implemented a patch.

Font size

Meta’s AI support chatbot proved unusually helpful to hackers looking to steal and resell notable Instagram accounts—the hackers simply asking the bot to change the accounts’ associated email addresses while using VPN to mask their true locations.

Videos featuring the “shockingly easy” exploit have been circulating among Telegram groups for hackers and security researchers, according to 404 Media. The exploit allowed hackers to take over and flip valuable Instagram accounts worth hundreds of thousands of dollars on the gray market before Meta implemented an emergency patch on May 29. The Barack Obama White House account and the Chief Master Sergeant of Space Force’s account also posted pro-Iranian images and messages while they were temporarily compromised.

Attackers simply had to use a VPN to approximately match their location to the target Instagram account’s region, begin a password reset process, and then ask Meta’s AI support chatbot to change the email address associated with the account, according to 404 Media. It’s a very straightforward prompt injection attack.

Neowin reported having the exploit as being “active in the wild for months, going as far back as February of this year, with hackers compromising thousands of accounts.” But the exploit seems to have gained more public notice in recent days with the compromise of high-profile accounts. Prominent researchers, such as Jane Manchun Wong, have also recently reported that their accounts were hacked.

On May 31, the pseudonymous open source intelligence researcher ZachXBT posted on X about how “the Meta AI support is garbage and has lots of access perms which allowed you to reset passwords to any user without 2FA and did not verify who you are.” At the same time, the researcher Dark Web Informer described the same exploit on X while noting it had been recently patched.

Both ZachXBT and Dark Web Informer also confirmed how hackers had targeted and resold particularly valuable Instagram accounts, including the short handles @hey and @jowo with a “combined gray-market valuation estimated above $1 million,” according to the CyberSec Guru. Such accounts can be valuable even if hackers hold them for just a few days because of “clout, resale or brand impersonation,” the security blog reported.

The wide security hole

The CyberSec Guru also described the exploit as representing the classic “confused deputy” problem from computer security, in which a program with elevated permissions is tricked into misusing those permissions on behalf of a less privileged third party. But in this case, the “deputy” was a large language model with a “probabilistic response model you can nudge with words” instead of a “deterministic program” with “hard-coded conditionals you’d need to bypass with code.”

It’s worth keeping in mind that users had simple security solutions available, even with the Meta AI support chatbot being exploited. The hackers reported their exploit failing against any accounts that had enabled multifactor authentication (MFA), including the “least robust form of MFA that Instagram offers” in the form of one-time codes sent through SMS, according to KrebsOnSecurity.

But the exploit still highlights the broader risk of tech companies and other organizations rushing to deploy AI agents with elevated permissions that allow them to modify, create, or delete critical data. Meta had launched its Meta AI support assistant in March 2026 with the promise that it could “provide reliable, 24/7 support for nearly any support issue at any time.”

The “minimum” architecture required to do this more safely, according to the CyberSec Guru, would include “out-of-band verification before any account modification… rate limiting on AI-initiated reset flows keyed to account risk signals, action logging with anomaly detection for unusual AI-driven account modifications, and a hard deterministic gate.”

What to Watch

AI outlook — possibilities, not facts

  • Meta will likely face increased scrutiny and potential regulatory action regarding its AI deployment and security practices.

    Likely · Within months

  • Other tech companies will reassess their AI support chatbot security protocols.

    Very likely · Within weeks

Open Questions

  • How many accounts were compromised before the patch was implemented?
  • What was the total estimated value of the stolen accounts?
  • Were any specific individuals or entities targeted beyond those mentioned?
  • What specific security measures were bypassed by the prompt injection attack?

Related Topics

This article was originally published by Ars Technica.

Related Stories

More on this topicMeta