Hackers Exploit Meta's AI Chatbot to Hijack Instagram Accounts

TL;DR
- Reports from the weekend said attackers abused Meta’s AI support chatbot to help hijack Instagram accounts, with some claims that 100+ high-value accounts were affected before a patch was applied.
- The apparent attack path involved prompt manipulation or abusing the chatbot during account-recovery workflows, raising fresh concerns about how much authority AI support tools should have.
- Meta has reportedly fixed the flaw, but the incident highlights broader security risks when AI systems are integrated into sensitive account-access and recovery processes.
A wave of user reports over the weekend described a troubling pattern: hackers allegedly used Meta’s AI support chatbot to compromise Instagram accounts by manipulating the company’s automated help system. Multiple accounts were reportedly taken over, and one account of the incident claimed the flaw had already been used against more than 100 high-value Instagram profiles before it was patched.
The core concern is not just that accounts were stolen, but how the attack may have worked. According to the reports, attackers appear to have abused Meta’s AI support and recovery tooling rather than relying solely on traditional phishing or password theft.
How the attack reportedly worked
The accounts were allegedly compromised through manipulation of Meta’s AI-powered support chatbot, which may have been involved in password recovery or identity-verification flows. In one account of the issue, attackers used simple prompt-based tricks to influence the chatbot’s behavior and push it toward unauthorized account access.
This kind of weakness is often described as prompt injection, where an attacker crafts inputs designed to steer an AI system into doing something unintended. In this case, the alleged outcome was especially severe because the chatbot was tied to account recovery, a high-trust function that can affect a user’s ability to reclaim an account.
Why this matters for Instagram security
If a support chatbot can be manipulated into assisting with account takeover, the issue goes beyond a single bug. It suggests that automated support systems may need stricter guardrails before they are allowed to influence sensitive actions such as password resets, recovery approvals, or identity checks.
That concern is reinforced by earlier reporting on Meta AI security problems. In a separate issue earlier in 2025, a researcher found a bug that could expose private prompts and AI-generated responses from other users, showing that Meta has already faced scrutiny over authorization flaws in its AI systems.
Meta has reportedly patched the flaw
The reports indicate that Meta has already patched the vulnerability, and one source says the flaw can no longer be used against users whose accounts were not already compromised.
Even so, the reported impact underscores a difficult reality for platforms that are rapidly adding AI into support and moderation workflows: if the AI layer is connected to account access, even a seemingly small logic flaw can become a major security incident.
A broader warning for social platforms
The incident arrives at a time when social platforms are under pressure to automate more of their user support and safety operations. But automation can create new attack surfaces, especially when systems are designed to be helpful, permissive, and fast.
Security researchers have long warned that AI tools can be vulnerable when they are treated as trusted intermediaries rather than untrusted software components. The Meta incident, if confirmed in full, would be a stark example of that risk: a chatbot intended to assist users may have been turned into a tool for account hijacking.
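One way to apply the guardrails discussed under "Why this matters for Instagram security" while treating the chatbot as an untrusted component, as described above (an added example, not from the original report and not Meta's code; the action names, fields and account data are hypothetical): the model only proposes an action, and deterministic code decides from server-side state whether it runs.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical action names a support assistant might propose.
LOW_RISK = {"show_help_article"}
SENSITIVE = {"send_password_reset", "change_recovery_email"}
FIELDS = ("action", "account_id", "destination")

@dataclass
class Session:
    # Written only by deterministic verification code after the requester
    # proves control of a contact on file; the model has no write path to it.
    verified_account_id: Optional[str] = None

def authorize(proposal: dict, session: Session, contacts_on_file: dict):
    """Return (allowed, reason) for an action proposed by the model."""
    # Model output is untrusted input: reject anything that is not plain strings.
    if not all(isinstance(proposal.get(k, ""), str) for k in FIELDS):
        return False, "malformed proposal"
    action = proposal.get("action")
    if action in LOW_RISK:
        return True, "low-risk"
    if action not in SENSITIVE:
        return False, "unknown action"  # default deny
    target = proposal.get("account_id")
    on_file = contacts_on_file.get(target)
    if on_file is None:
        return False, "no such account"
    if action == "send_password_reset":
        # Reset links go only to contacts recorded before this conversation.
        if proposal.get("destination") not in on_file:
            return False, "destination not on file"
        return True, "ok"
    # change_recovery_email: any "verified" claim in the proposal is ignored;
    # only server-side session state counts.
    if session.verified_account_id != target:
        return False, "step-up verification required"
    return True, "ok"

# Constructed sample data: one account and a proposal shaped by injected text.
CONTACTS = {"acct-1": {"owner@example.com"}}
INJECTED = {"action": "send_password_reset", "account_id": "acct-1",
            "destination": "other@example.net", "verified": True}

if __name__ == "__main__":
    print(authorize(INJECTED, Session(), CONTACTS))
```

Because the decision depends only on stored contacts and the session flag, no wording in the conversation can change the outcome of a sensitive action.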
What users should do now
Users concerned about account security should review recovery options, enable stronger authentication methods, and watch for unexpected password-reset activity. They should also be cautious about any message or support interaction that asks them to confirm identity outside official account-management flows. While the reported flaw has been patched, stolen accounts can remain at risk if attackers still control recovery details or session access.
The bigger picture
The most striking part of this story is that it blends two of the internet’s most sensitive systems: identity recovery and AI automation. When those systems intersect, a chatbot bug can become an account-takeover vector with real-world consequences for creators, businesses, and high-profile users.
For Meta, the episode is another reminder that AI features embedded in core platform operations need the same level of security scrutiny as payments, authentication, and moderation systems.