Meta Fixes Instagram AI Flaw Used in Account Takeovers
Meta has fixed a vulnerability in its AI-powered Instagram support assistant that allowed attackers to use prompt injection techniques to manipulate the chatbot into sending password reset links to unauthorized email addresses. Several high-value usernames were compromised and listed for sale on Telegram, including @hey, @jowo, and the dormant Obama White House account.
An alleged security flaw in Meta’s AI-powered Instagram support system allowed attackers to take over user accounts by manipulating the chatbot into processing password recovery requests.
Quick Summary – TLDR:
Meta patched a flaw in its AI-powered Instagram account recovery assistant after reports of account takeovers surfaced online.
Attackers allegedly used prompt injection techniques to convince the AI to send password reset links to unauthorized email addresses.
Several high-value Instagram usernames were reportedly compromised and later listed for sale on Telegram channels.
The incident has renewed concerns about giving AI systems direct access to sensitive account management functions.
What Happened?
Meta has fixed a vulnerability in its AI-powered Instagram support assistant after security researchers and affected users reported a series of account takeovers linked to the tool. According to reports, attackers were able to manipulate the chatbot into changing account recovery information and initiating password reset processes without sufficient verification.
The flaw reportedly affected Instagram’s AI driven account recovery workflow, raising fresh questions about how much authority AI systems should have when handling sensitive user account actions.
meta gave their AI support agent the ability to modify your instagram account. no identity verification. people figured this out and accounts are being taken over right now
— impulsive (@weezerOSINT) May 31, 2026
How the Alleged Exploit Worked
The attack did not involve hacking Meta’s servers or breaching company databases. Instead, researchers say the issue existed within the AI assistant’s decision-making process.
According to reports from researchers including ZachXBT and Dark Web Informer, attackers would first identify a target Instagram account, often one with a short and highly desirable username. They then used a VPN or proxy service to make their connection appear consistent with the target’s location.
Attackers allegedly sent simple instructions to the Meta AI support assistant, asking it to link a new email address to the account and initiate a password reset. The chatbot reportedly processed these requests and sent recovery emails to addresses controlled by attackers.
Researchers described the issue as a form of prompt injection, where carefully crafted instructions influence an AI system into performing actions it should not authorize.
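The failure described above is an authorization problem rather than a model problem: the assistant's tools acted on whatever the conversation asked for. As an added illustration of the mitigation (example code, not Meta's implementation; every name, account and address in it is hypothetical), here is a deterministic gate that sits between a support agent and its account-recovery tools, so the model's output is treated as a request and never as proof of identity.

```python
# Added example, not Meta's code. The gate decides from session state only:
# a prompt that persuades the model to request a tool call still cannot make
# the tool act for an unverified caller.
from dataclasses import dataclass, field

# Constructed account store: recovery contacts already on file for "hey".
ACCOUNTS = {"hey": {"recovery_emails": {"owner@example.com"}}}


@dataclass
class Session:
    username: str                       # account the conversation concerns
    owner_authenticated: bool = False   # passed login / step-up auth for it
    challenges_passed: set = field(default_factory=set)  # addresses that echoed a code


class Denied(Exception):
    pass


def authorize(session: Session, tool: str, args: dict) -> None:
    """Raise Denied unless the session, not the model, justifies the action."""
    if tool == "send_password_reset":
        # Reset links go only to contacts already on file; the agent cannot pick one.
        if args.get("email") not in ACCOUNTS[session.username]["recovery_emails"]:
            raise Denied("reset links go only to recovery contacts already on file")
    elif tool == "link_recovery_email":
        if not session.owner_authenticated:
            raise Denied("linking a contact requires the authenticated account owner")
        if args.get("email") not in session.challenges_passed:
            raise Denied("new contact has not completed a code challenge")
    else:
        raise Denied(f"tool not exposed to the agent: {tool}")


def execute(session: Session, action: dict) -> str:
    """Apply the gate, then perform the (simulated) tool call."""
    tool, args = action["tool"], action.get("args", {})
    try:
        authorize(session, tool, args)
    except Denied as e:
        return f"denied: {e}"
    if tool == "link_recovery_email":
        ACCOUNTS[session.username]["recovery_emails"].add(args["email"])
    return f"ok: {tool} -> {args.get('email')}"


if __name__ == "__main__":
    anon = Session("hey")  # conversation with no proof of ownership
    # Constructed agent outputs mirroring the reported request sequence.
    print(execute(anon, {"tool": "link_recovery_email", "args": {"email": "new@example.invalid"}}))
    print(execute(anon, {"tool": "send_password_reset", "args": {"email": "new@example.invalid"}}))
    owner = Session("hey", owner_authenticated=True, challenges_passed={"second@example.com"})
    print(execute(owner, {"tool": "link_recovery_email", "args": {"email": "second@example.com"}}))
```

The point to carry over to a real system is that `authorize` reads only server-side session facts; nothing the model or the user typed is among its inputs.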
High Value Accounts Reportedly Targeted
The campaign appears to have focused primarily on so-called OG accounts, which are Instagram accounts with short, rare, or highly sought-after usernames.
Among the usernames reportedly affected were @hey and @jowo, accounts that researchers estimated could be worth significant sums on underground markets. Dark Web Informer reported that compromised accounts began appearing for sale on Telegram channels shortly after they were taken over.
One of the most widely discussed incidents involved the dormant Obama White House Instagram account, which had not posted since January 2017. After being compromised, the account briefly displayed an image with the caption: “The White House is under Shiites’ control.”
Well-known app researcher Jane Manchun Wong also reported that her Instagram account had been compromised during the wave of attacks.