Instagram says it has resolved a security issue that allowed hackers to trick its AI support chatbot into hijacking user accounts.
According to screenshots and videos shared on social media, the AI chatbot could be manipulated to change the email address associated with a target account. Hackers would fake their location using a VPN, then ask Meta's AI assistant to send a verification code to a new email. Once verified, they could reset the password.
Among those reportedly impacted was the verified Instagram account used by former President Barack Obama, which was temporarily taken over and posted pro-Iran content before being recovered. Meta's Head of Communications, Andy Stone, called claims that the exploit was used against world leaders "totally false."
A former Meta security engineer and researcher, Jane Manchun Wong, also said her Instagram password was changed without her knowledge. It remains unclear how many accounts were affected.
The incident raises fresh concerns about the security risks of AI-powered customer support systems.