Meta Sends Security Alerts After AI Chatbot Used in Instagram Account Ta

Instagram has begun alerting users whose accounts may have been targeted in a hacking campaign that allegedly exploited Meta's AI-powered support chatbot to gain unauthorized access to accounts.

The incident has drawn attention to the risks of allowing AI systems to perform sensitive account recovery tasks after reports emerged that attackers were able to use Meta's chatbot to take over Instagram profiles simply by convincing the AI they were the legitimate account owners.

According to TechCrunch, Meta has been working to secure affected accounts and notify users after the issue surfaced over the weekend.

How the Exploit Worked

The reported attacks did not rely on sophisticated malware or technical vulnerabilities. Instead, attackers allegedly manipulated Meta's AI support chatbot through simple text conversations.

Hackers reportedly told the chatbot that they owned a targeted Instagram account and requested that the account be linked to an email address under their control. The chatbot then complied, allowing the attackers to reset passwords and gain control of the accounts.

In some cases, victims were locked out of their profiles entirely.

What makes the incident particularly notable is that no Meta employees or contractors were involved in the process. The actions were reportedly carried out solely through interactions with the AI-powered support system.

Reports Continued After Meta Claimed Fix

On Monday, Meta spokesperson Andy Stone said the issue had already been resolved.

However, new reports of compromised Instagram accounts continued to appear on social media on Tuesday. TechCrunch also reported seeing discussions in Telegram groups where individuals claimed they could still exploit the chatbot and were advertising allegedly hijacked usernames for sale.

It remains unclear whether all of the reported account takeovers were linked to the same method.

In a later statement on X, Stone said some users might receive password reset notifications or be asked additional security questions when attempting to log in to their accounts.

Meta also confirmed that it secured affected accounts and began sending password reset emails to impacted users. The company has not disclosed how many users may have been affected.

Valuable Usernames Were Among the Targets

Many of the accounts reportedly targeted during the campaign contained rare or highly sought-after usernames, often referred to as "OG handles."

These usernames typically consist of short words, common first names, or country names and can command significant prices in underground online marketplaces.

TechCrunch reported seeing examples of compromised accounts featuring valuable usernames, while other reported targets included high-profile accounts such as a dormant Obama White House Instagram profile—though Meta disputed that claim—and the account of U.S. Space Force Chief Master Sergeant John Bentivegna.

For years, cybercriminals have targeted valuable Instagram usernames for resale. Traditionally, however, obtaining control of such accounts required more sophisticated tactics, including phishing attacks, SIM-swapping, or social engineering telecom employees.

Meta's AI Support System Under Scrutiny

The incident comes only months after Meta announced plans to expand the use of artificial intelligence within its customer support operations.

According to a March announcement cited by 404 Media, Meta said its AI-powered support chatbot was designed to help users resolve account-related issues from start to finish, including securely resetting passwords.

The latest incident is likely to raise questions about how AI systems verify user identity before carrying out sensitive actions such as account recovery and password resets.

Several affected users reported receiving emails from Instagram stating that the platform had detected suspicious activity suggesting their accounts may have been compromised. The company said it had taken steps to secure those accounts and urged users to reset their passwords.

Growing Concerns Over AI-Driven Account Security

The episode highlights a new challenge facing technology companies as AI becomes increasingly integrated into customer support and account management systems.

While automation can improve efficiency and reduce response times, security experts have long warned that AI systems handling critical account functions must have strong safeguards against impersonation and abuse.

In this case, the attackers reportedly succeeded not through advanced hacking techniques, but by persuading an AI chatbot to trust them.