Meta’s AI-powered support assistant, built to help users recover Facebook and Instagram accounts faster, was reportedly exploited to hijack Instagram profiles by letting attackers add their own email addresses and reset passwords, raising fresh concerns about AI agents handling sensitive account-security workflows.
TL;DR
- Hackers reportedly tricked Meta’s AI support assistant into linking attacker-controlled emails to Instagram accounts.
- The exploit affected high-profile accounts, including the Obama-era White House Instagram handle, according to reports.
- Meta said the issue has been resolved and that it is securing impacted accounts.
- The incident highlights the risk of giving AI support agents permission to perform account-level actions.
Meta’s own AI support assistant has landed at the center of a serious Instagram security incident.
According to reports from The Verge, hackers were able to hijack Instagram accounts by asking Meta’s AI-powered support chatbot to add a new email address to a target account, receive a verification code on that attacker-controlled email, and then reset the account password.
The attack did not reportedly require access to the victim’s original email inbox, phishing links, or malware. In one demonstration shared online, the hacker asked the chatbot to link a new email address, received a code, gave it back to the assistant, and was then shown a password reset option.
The issue was first reported by 404 Media and then picked up by several major outlets. The Verge reported that the flaw appeared around the same time Barack Obama’s former White House Instagram account, @obamawhitehouse, began posting Iranian propaganda. Other reportedly affected accounts included beauty retailer Sephora and the US Space Force Chief Master Sergeant.
Some attackers also appeared to use VPNs to make it look as if they were contacting support from the same region as the targeted account holder, helping them bypass location-based safeguards. The Verge noted that attackers seemed to target high-value Instagram handles, including short or single-word usernames.
Security researcher Jane Manchun Wong also said her Instagram account was taken over. “The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” Wong wrote, according to The Verge.
Meta has acknowledged the issue and says it has fixed the flaw.
“This issue has been resolved and we are securing impacted accounts,” Meta communications head Andy Stone said in a statement shared on X and cited by The Verge and The Guardian. Meta has not publicly disclosed how many accounts were affected.
The incident is especially notable because Meta only recently expanded its AI support assistant across Facebook and Instagram. In a March 2026 company update, Meta said the assistant was designed to provide 24/7 support and could help with account issues such as password resets, privacy settings, scams, impersonation accounts, and profile settings. Meta also said the assistant could respond to requests typically in under five seconds.
At launch, Meta positioned the tool as a way to make support faster and more action-oriented. “The Meta AI support assistant is a major step in our work to deliver stronger support on our apps,” the company said in its announcement.
However, this incident shows the flip side of action-taking AI agents. When a chatbot is allowed to perform sensitive account-management tasks, such as email changes and password resets, the system’s security depends not just on the model’s answers, but on whether the surrounding verification process can reliably confirm who is making the request.
Topics for more insights:
The broader takeaway is not that AI support is inherently unsafe, but that customer-service automation needs strict permission boundaries, identity checks, audit trails, and human escalation for high-risk actions. A support bot that can answer questions is one thing. A support bot that can help change account credentials is another.
For Meta, the exploit adds pressure at a time when the company is rapidly expanding AI across its apps. For users, it is another reminder to keep account security controls such as two-factor authentication, recovery contacts, and login alerts active, although reports indicate the real failure here was on the platform-side verification workflow.
