Meta AI Chatbot Allowed Account Takeovers on Instagram

Hackers gained access to multiple Instagram accounts by asking Meta's AI support chatbot to link the accounts to new email addresses. The chatbot sent verification codes to the new addresses. After the codes were entered, the chatbot allowed password resets, according to videos and screenshots shared online.

Screenshots indicated that the Instagram accounts associated with Barack Obama's White House, the retailer Sephora, and U.S. Space Force chief master sergeant John Bentivegna were accessed. As of Tuesday afternoon, the three accounts appeared restored.

Meta vice president Andy Stone wrote in a Monday post that the issue had been resolved and that impacted accounts were being secured. The company did not respond to further questions. It remains unclear how many accounts were affected overall. Business Insider was unable to independently verify the reported methods.

Cybersecurity professionals told Business Insider that the incident highlights risks when AI systems handle account recovery functions. One specialist said social media platforms have prioritized AI features before strengthening account security. Another noted that Meta deployed the AI agent without sufficient limits on what it could access or change.

A third professional compared the chatbot to an inexperienced employee that does not recognize when a request appears suspicious. Security researcher Jane Wong reported that her Instagram password was changed without her knowledge and that she continued receiving login codes over the weekend.

Meta launched the AI support assistant in March to handle account issues such as password changes. The company laid off about 8,000 employees last month, including staff from its integrity and cybersecurity teams.