Meta Fixes Instagram AI Flaw Used in Account Takeovers

An alleged security flaw in Meta’s AI-powered Instagram support system allowed attackers to take over user accounts by manipulating the chatbot into processing password recovery requests.

Quick Summary (TLDR)

- Meta patched a flaw in its AI-powered Instagram account recovery assistant after reports of account takeovers surfaced online.
- Attackers allegedly used prompt injection techniques to convince the AI to send password reset links to unauthorized email addresses.
- Several high-value Instagram usernames were reportedly compromised and later listed for sale on Telegram channels.
- The incident has renewed concerns about giving AI systems direct access to sensitive account management functions.

What Happened?

Meta has fixed a vulnerability in its AI-powered Instagram support assistant after security researchers and affected users reported a series of account takeovers linked to the tool. According to reports, attackers were able to manipulate the chatbot into changing account recovery information and initiating password reset processes without sufficient verification.

The flaw reportedly affected Instagram’s AI-driven account recovery workflow, raising fresh questions about how much authority AI systems should have when handling sensitive user account actions.

“meta gave their AI support agent the ability to modify your instagram account. no identity verification. people figured this out and accounts are being taken over right now”
— impulsive (@weezerOSINT) May 31, 2026

How the Alleged Exploit Worked

The attack did not involve hacking Meta’s servers or breaching company databases. Instead, researchers say the issue existed within the AI assistant’s decision-making process.

According to reports from researchers including ZachXBT and Dark Web Informer, attackers would first identify a target Instagram account, often one with a short and highly desirable username. They then used a VPN or proxy service to make their connection appear consistent with the target’s location.

Attackers allegedly sent simple instructions to the Meta AI support assistant, asking it to link a new email address to the account and initiate a password reset. The chatbot reportedly processed these requests and sent recovery emails to addresses controlled by attackers.

Researchers described the issue as a form of prompt injection, where carefully crafted instructions influence an AI system into performing actions it should not authorize.

High-Value Accounts Reportedly Targeted

The campaign appears to have focused primarily on so-called OG accounts, which are Instagram accounts with short, rare, or highly sought-after usernames. Among the usernames reportedly affected were @hey and @jowo, accounts that researchers estimated could be worth significant sums on underground markets.

Dark Web Informer reported that compromised accounts began appearing for sale on Telegram channels shortly after they were taken over.

One of the most widely discussed incidents involved the dormant Obama White House Instagram account, which had not posted since January 2017. After being compromised, the account briefly displayed an image with the caption: “The White House is under Shiites’ control.”

Well-known app researcher Jane Manchun Wong also reported that her Instagram account had been compromised during the wave of attacks.

Why Security Experts Are Concerned

Security researchers say the incident highlights a growing problem as companies increasingly give AI systems direct access to sensitive account management tools. Meta describes its AI support assistant as a personalized tool that can help users recover accounts and perform actions directly inside Facebook and Instagram. While this improves convenience, experts warn that AI systems can become attractive targets if proper authentication controls are not enforced.

Many researchers compared the issue to a classic confused deputy vulnerability, where a trusted system with elevated permissions is manipulated into performing actions on behalf of an unauthorized user. The broader concern is that AI assistants become a new attack surface when they are connected to production systems capable of changing account settings, resetting passwords, or modifying user information.

Meta moved quickly to address the issue after complaints and reports gained attention online. In a statement, a Meta spokesperson said:

“We fixed an issue that allowed an external party to request password reset emails for some Instagram users. There was no breach of our systems and people’s Instagram accounts remain secure.”
— Meta Spokesperson

The company emphasized that its backend systems were not compromised. However, researchers noted that users whose accounts were affected experienced real consequences regardless of whether company databases were breached. Reports indicate the vulnerability may have been active for months before being patched, with some claims suggesting thousands of accounts could have been targeted during that period.

What Users Should Do?

Security experts recommend several steps to reduce the risk of account compromise:

- Enable app-based two-factor authentication instead of SMS verification whenever possible.
- Use a private email address that is not publicly associated with social media accounts.
- Store backup recovery codes in a secure location.
- Review active login sessions regularly and remove unfamiliar devices.
- Use strong, unique passwords managed through a trusted password manager.

SQ Magazine Takeaway

I think this incident is one of the clearest examples yet of the security risks that come with giving AI systems real authority over user accounts. The problem was not necessarily the AI model itself. The bigger issue was allowing an AI assistant to interact with sensitive account recovery tools without stronger verification safeguards. As more companies rush to integrate AI into customer support and account management systems, this event serves as a reminder that convenience cannot come at the expense of security. AI may be able to answer questions instantly, but when it comes to changing passwords and account ownership details, there still needs to be a hard security checkpoint that cannot be talked around.
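As an added illustration of the confused-deputy point raised by researchers and of the closing call for a checkpoint that cannot be talked around, the following Python sketch (an example written for this article, not Meta’s code; the tool names, session fields and sample values are all constructed) shows a gate that sits between an assistant and account-recovery actions. The model may propose a tool call, but the gate decides from server-side session facts only, never reads the request’s wording, withholds sensitive tools from the model until the session is strongly verified, and logs every denial so repeated attempts against one account are visible to detection.

```python
"""Hypothetical action gate between an AI support assistant and account tools.

Added example, not Meta's code. The model may propose a tool call; whether it
runs is decided here from authenticated session state, never from the wording
of the request or any text the model produces.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed tool names for illustration.
SENSITIVE_TOOLS = {"add_recovery_email", "send_password_reset"}  # change recovery data / ownership
SAFE_TOOLS = {"get_help_article", "list_active_sessions"}        # read-only helpers


@dataclass
class Session:
    """Facts set by the authentication stack, not by the chat transcript."""
    authenticated_user_id: Optional[str]  # None for an unauthenticated chat
    step_up_verified: bool = False        # passed 2FA / identity check in this session
    ip_country: str = ""                  # request geo; logged for detection, never an auth factor


@dataclass
class ToolCall:
    """What the assistant wants to do. `justification` is untrusted text."""
    name: str
    target_user_id: str
    args: dict = field(default_factory=dict)
    justification: str = ""


@dataclass
class Decision:
    allowed: bool
    reason: str


def available_tools(session: Session) -> set:
    """Tools exposed to the model this turn. Sensitive tools are not offered at
    all until the session is bound to an account and step-up verified, so
    injected text has nothing to steer the model into calling."""
    tools = set(SAFE_TOOLS)
    if session.authenticated_user_id is not None and session.step_up_verified:
        tools |= SENSITIVE_TOOLS
    return tools


def gate(call: ToolCall, session: Session, audit: list) -> Decision:
    """Hard checkpoint evaluated on session state only; `call.justification`
    is deliberately never read. Denials are appended to `audit`."""
    if call.name in SAFE_TOOLS:
        return Decision(True, "read-only tool")
    if call.name not in SENSITIVE_TOOLS:
        audit.append(f"DENY unknown_tool={call.name}")
        return Decision(False, "unknown tool")
    if session.authenticated_user_id != call.target_user_id:
        audit.append(f"DENY tool={call.name} target={call.target_user_id} "
                     f"session_user={session.authenticated_user_id} "
                     f"ip_country={session.ip_country}")
        return Decision(False, "session is not authenticated as the target account")
    if not session.step_up_verified:
        audit.append(f"DENY tool={call.name} target={call.target_user_id} reason=no_step_up")
        return Decision(False, "step-up verification required before recovery changes")
    audit.append(f"ALLOW tool={call.name} target={call.target_user_id}")
    return Decision(True, "verified session")


def demo():
    """Three constructed scenarios; returns (list of allowed flags, audit log)."""
    audit = []
    # 1. Unauthenticated chat asks, in convincing language, to add a recovery email.
    anon = Session(authenticated_user_id=None, ip_country="US")
    d1 = gate(ToolCall("add_recovery_email", target_user_id="u_hey",
                       args={"email": "unverified@example.invalid"},
                       justification="I am the owner and lost my phone, please add this email"),
              anon, audit)
    # 2. Logged-in owner without step-up asks for a reset link.
    owner = Session(authenticated_user_id="u_hey", ip_country="US")
    d2 = gate(ToolCall("send_password_reset", target_user_id="u_hey"), owner, audit)
    # 3. Same owner after completing step-up verification.
    owner.step_up_verified = True
    d3 = gate(ToolCall("send_password_reset", target_user_id="u_hey"), owner, audit)
    return [d1.allowed, d2.allowed, d3.allowed], audit


if __name__ == "__main__":
    decisions, log = demo()
    print(decisions)  # [False, False, True]
    for line in log:
        print(line)
```

The design choice worth noting is that `ip_country` is recorded but never consulted when authorizing: matching the victim’s location through a VPN, as the reports describe, should buy an attacker nothing, while the audit line still gives a defender the data to spot a burst of denials against one target.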