A major security flaw in Meta’s AI-powered customer support chatbot allowed hackers to take control of Instagram accounts by simply asking for access, compromising several high-profile accounts before the company patched the vulnerability.
The exploit, which emerged over the past week, enabled attackers to bypass standard security measures including two-factor authentication, leading to the hijacking of accounts belonging to former President Barack Obama’s official White House handle, the US Space Force’s Chief Master Sergeant, and beauty retailer Sephora.
How the hack worked
The attack method was alarmingly simple. Hackers used a Virtual Private Network (VPN) to make their location appear to match the target account’s geographic region, circumventing Instagram’s automated security checks.
They then opened a chat with Meta’s AI support assistant and made a straightforward request: change the email address linked to the targeted account to one they controlled. The AI chatbot complied, sending a verification code to the hacker’s email address. Once the code was provided, the system displayed a password reset link, granting full account access.
Crucially, the attackers never needed to compromise the legitimate email address already associated with the Instagram account. The vulnerability even bypassed multi-factor authentication for accounts that had it enabled.
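To make the failure concrete, here is an added illustration (not Meta’s code) modelling a support agent’s change-email tool behind two authorization gates: the weak one verifies a code sent to whatever address the requester names, the hardened one requires a factor already bound to the account. The account, addresses and function names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    handle: str
    email_on_file: str   # contact the rightful owner already controls
    mfa_enabled: bool
    region: str

@dataclass(frozen=True)
class ChangeEmailRequest:
    handle: str
    new_email: str
    requester_region: str
    # factors the requester has actually proven: "code:<address>" after entering a
    # one-time code delivered to <address>, or "mfa" after a second-factor check
    proven_factors: frozenset

def weak_gate(acct: Account, req: ChangeEmailRequest) -> tuple[bool, str]:
    """Flawed flow from the report: region check, then a code sent to the *requested* address."""
    if req.requester_region != acct.region:
        return False, "region mismatch"
    # Proving receipt at an address the requester chose proves nothing about ownership.
    if f"code:{req.new_email}" in req.proven_factors:
        return True, "email changed; password reset link issued"
    return False, "waiting for code sent to new address"

def hardened_gate(acct: Account, req: ChangeEmailRequest) -> tuple[bool, str]:
    """Only possession of a factor already bound to the account counts as proof."""
    if acct.mfa_enabled and "mfa" not in req.proven_factors:
        return False, "second factor required"
    if f"code:{acct.email_on_file}" not in req.proven_factors:
        return False, "confirm via the email already on file"
    if req.requester_region != acct.region:
        return False, "region mismatch: route to human review"
    return True, "email changed"

def simulate() -> tuple[bool, bool, bool]:
    """Constructed scenario: one requester controls only the new address; the owner holds MFA and the old inbox."""
    acct = Account("victim", "owner@example.com", True, "US")
    stranger = ChangeEmailRequest("victim", "takeover@example.net", "US",
                                  frozenset({"code:takeover@example.net"}))
    owner = ChangeEmailRequest("victim", "owner-new@example.com", "US",
                               frozenset({"mfa", "code:owner@example.com"}))
    return weak_gate(acct, stranger)[0], hardened_gate(acct, stranger)[0], hardened_gate(acct, owner)[0]
```

The weak gate grants the stranger’s request while the hardened gate refuses it and still lets the real owner through.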
High-profile accounts compromised
The flaw led to a series of high-profile account takeovers. The Obama White House Instagram account, which has 2.4 million followers and had been dormant since 2017, was compromised and posted content supporting Iran.
Other affected accounts included the official handle of US Space Force Chief Master Sergeant John Bentivegna and the verified account of beauty retailer Sephora.
Security researcher and former Meta employee Jane Manchun Wong also reported that her Instagram password was “changed without my knowledge,” expressing concern about repeated password reset attempts.
Meta’s response and fix
Meta spokesperson Andy Stone confirmed the vulnerability on X (formerly Twitter), stating: “This issue has been resolved and we are securing impacted accounts.”
Stone also dismissed claims that the vulnerability was used to hack into accounts of world leaders as “totally false,” even as the Obama White House account was publicly confirmed to have been compromised.
The company did not disclose how many accounts were ultimately affected. However, researchers noted the exploit had been active for months, with evidence suggesting it was first discovered as early as February 2026.
AI-powered social engineering
Cybersecurity experts described the incident as a new form of social engineering — not targeting humans, but an AI system programmed to be helpful rather than suspicious.
“The bad actor would simply tell the AI chatbot that it needed to reset a targeted Instagram account’s password,” one analysis noted. The AI chatbot was “weaponized” to hand over account access without proper verification.
NordVPN’s Chief Technology Officer Marijus Briedis commented: “When AI chatbots have too much authority and too little verification, they can become a serious security risk. Account recovery should never rely on convenience alone, because the person asking for access may not be the rightful owner.”
User complaints: No human support
Compounding the problem, affected users reported difficulty regaining access to their accounts after the breach. One X user noted: “We’re at the point where one AI stole it and another can’t fix it, zero humans in the loop anywhere.”
The incident has raised broader questions about technology companies’ rush to replace human customer service with AI systems that may lack adequate security verification for high-risk functions like password resets.
Meta introduced its AI support assistant globally in March 2026, positioning it as a 24/7 solution capable of handling a wide range of user support requests, including password resets and account recovery.
This incident demonstrated how quickly that convenience can become a critical vulnerability when proper safeguards are not in place.
