Meta Patches Instagram Vulnerability Exploited via AI Support Chatbot

Hackers used Meta’s AI support chatbot to take over Instagram accounts by directing it to link a new email address and reset the password. com,” after which the chatbot sent a verification code that allowed the hacker to complete the takeover. The vulnerability surfaced around the same time the @obamawhitehouse account began posting images containing Iranian propaganda on Sunday.

U.S. Space Force Chief Master Sergeant and beauty retailer Sephora, as well as the account of security researcher Jane Manchun Wong. Wong wrote on X that the password was changed without her knowledge and that she received multiple password-reset attempts throughout the previous day while being repeatedly logged out of the Instagram iOS app.

Some attackers used a VPN to appear in the same geographic area as their targets when contacting support. Meta rolled out the AI-powered support assistant in March 2026 to assist users with password resets, two-factor authentication setup, and account recovery. ” Meta communications head Andy Stone stated on X that the issue had been resolved and that the company was securing impacted accounts.

The Verge reported that the flaw has since been patched. Gergely Orosz, creator of The Pragmatic Engineer newsletter, wrote on X that Instagram’s trust and safety team had been “absolutely gutted” by recent layoffs and reassignments to AI-related tasks, adding that the incident appeared to stem from engineers applying AI tools without adequate security incentives.