Meta has confirmed a security flaw in its AI-powered support chatbot that was exploited by hackers to take over a number of Instagram accounts. The case stands out because the affected profiles were not limited to ordinary users, but included high-profile accounts such as the White House Instagram account from the Barack Obama era.
The incident highlights a growing risk as AI tools are added to digital services at scale. A system designed to help users recover access can become a weak point if it can be manipulated into carrying out sensitive account changes.
How the takeover worked
According to The Guardian, other accounts reported to have been affected included Sephora and accounts linked to senior U.S. military officials. The selection of targets suggests the campaign was deliberate rather than random.
Cybersecurity researchers said the attackers used Meta’s AI support chatbot to change the email address connected to the victim’s account. Once the email was altered, the attackers could trigger a password reset and gain full access.
That method is especially concerning because it uses an automated support path as the entry point. What should have helped users regain control instead became a route around basic account protection.
In several demonstrations circulating on social media and messaging platforms, the attackers were seen interacting directly with Meta’s AI chatbot. The sequence then led to full account takeover.
Meta says the flaw has been fixed
Meta said the issue has been addressed and that the company is securing the accounts that were affected. However, the total number of impacted users has not yet been made public.
The company has also not detailed the specific protections added after the flaw was discovered. Even so, Meta said the system used by the attackers is no longer usable.
The case comes as Meta expands AI across more of its services, including Facebook and Instagram. Earlier in 2026, the company introduced the AI Support Assistant to automatically help users with tasks ranging from reporting fake accounts to resetting passwords.
Security experts warn of prompt injection risks
Cybersecurity specialists described the attack as a form of prompt injection. The technique works by manipulating the instructions received by an AI system so the chatbot performs actions it was not meant to carry out.
The concern is growing because many chatbots now have access to sensitive actions. When a system can change account settings or process important requests, even a small logic flaw can be used for harmful purposes.
Researchers warned that similar cases could become more common as more companies integrate AI into customer service and other automated systems. They said AI deployment needs not only sophistication, but also tight oversight.
The risk is even greater when AI is connected directly to personal data and digital identity. For that reason, strong protection from the start is seen as essential so automated support features do not become abuse channels.
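One way to keep a support chatbot from becoming the authority for sensitive account changes is sketched below. It is an added example, not Meta's code or a description of its fix. The action names, session fields and demo key are hypothetical. The model's proposed action is treated as untrusted input, and an email change runs only when the server-side session holds a proof that the owner confirmed it through contact details already on file.

```python
import hashlib
import hmac
import time

# Hypothetical names and values throughout; the key is constructed for the demo.
SENSITIVE_ACTIONS = {"change_email", "reset_password"}
DEMO_KEY = b"constructed-demo-key"

def _mac(account_id, action, exp):
    msg = f"{account_id}|{action}|{exp}".encode()
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).hexdigest()

def issue_stepup_token(account_id, action, now=None, ttl=300):
    """Minted by the auth service only after the owner confirms through the
    contact details already on file (current email or second factor)."""
    exp = int((time.time() if now is None else now) + ttl)
    return f"{exp}.{_mac(account_id, action, exp)}"

def verify_stepup_token(token, account_id, action, now=None):
    try:
        exp_s, sig = token.split(".", 1)
        exp = int(exp_s)
    except (AttributeError, ValueError):
        return False  # absent or malformed token
    if exp < (time.time() if now is None else now):
        return False  # expired
    # The MAC binds the proof to one account and one action.
    return hmac.compare_digest(sig.encode(), _mac(account_id, action, exp).encode())

def dispatch_tool_call(session, call, now=None):
    """session: server-side state; call: the model's proposed action (untrusted)."""
    action, target = call.get("action"), call.get("account_id")
    if action not in SENSITIVE_ACTIONS:
        return ("allow", "non-sensitive action")
    # The conversation cannot choose the account; the authenticated session does.
    if not target or session.get("authenticated_account") != target:
        return ("deny", "account not bound to authenticated session")
    if not verify_stepup_token(session.get("stepup_token"), target, action, now):
        return ("deny", "missing or invalid step-up proof")
    return ("allow", "owner verified out of band")
```

Because the decision depends only on session state and the signed proof, no wording in the chat can turn a denied email change into an allowed one.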
For users, basic security measures remain important. Two-factor authentication, strong passwords, and regular checks of account activity are still recommended to reduce the risk of takeover as AI becomes more common in digital services.
