Meta AI presents a significant security risk for Instagram users. Because Meta AI gave attackers access to accounts, hackers compromised a number of users’ profiles.
Over the weekend, some Reddit users claimed that hackers had taken over their Instagram accounts, and several users on X warned of similar hijackings.
The compromised accounts include the Instagram handle for the Obama-era White House, which has been inactive since 2017, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna.
Security researcher Jane Wong said attackers also took over her Instagram account.
“The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” Wong said. “Quite concerning.”
A video shared on X showed step‑by‑step how malicious actors gained access to individual Instagram accounts.
The hacker used a VPN to disguise the target’s location and bypass Instagram’s automated security checks. The hacker then started a conversation with the Meta AI Support Assistant and asked the bot to add a new email address to the target’s account.
The chatbot sent a verification code to the email address the hacker supplied; the hacker relayed the code back to the chatbot, which then displayed a “Reset Password” button. The hacker entered a new password and took control of the victim’s account.
On Monday, Instagram spokesperson Andy Stone replied to Wong’s post and others, saying Instagram had fixed the issue. It’s unclear how many users experienced improper access.
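The flow described above fails because a code sent to an address the requester supplies only proves control of that inbox, not ownership of the account. The following added example (not Meta's code and not part of the original report) models that check beside a hardened variant that sends the challenge to a contact already verified on the account; `RecoveryDesk`, its methods, the handle and the addresses are all hypothetical.

```python
import secrets


class RecoveryDesk:
    """Toy model of a support-assistant 'add email' flow (hypothetical)."""

    def __init__(self, accounts):
        self.accounts = accounts  # handle -> set of owner-verified emails
        self.pending = {}         # (handle, new_email) -> one-time code
        self.outbox = []          # (recipient, code) pairs the desk "sent"

    def request_add_email(self, handle, new_email, hardened):
        on_file = self.accounts[handle]
        if hardened:
            if not on_file:
                return None  # no verified channel: refuse, escalate to review
            # The server picks the recipient from contacts already on file.
            recipient = sorted(on_file)[0]
        else:
            # Flawed: challenge goes wherever the requester says.
            recipient = new_email
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(handle, new_email)] = code
        self.outbox.append((recipient, code))
        return recipient

    def confirm(self, handle, new_email, code):
        expected = self.pending.pop((handle, new_email), None)  # single use
        if expected is None or not secrets.compare_digest(expected, code):
            return False
        self.accounts[handle].add(new_email)
        return True


def requester_gains_access(hardened, requester_inbox="requester@example.net"):
    """True if someone who controls only requester_inbox gets it attached."""
    # Constructed sample account: one address verified by the real owner.
    desk = RecoveryDesk({"victim_handle": {"owner@example.com"}})
    desk.request_add_email("victim_handle", requester_inbox, hardened)
    # The requester can read only codes delivered to their own inbox.
    seen = [c for rcpt, c in desk.outbox if rcpt == requester_inbox]
    code = seen[0] if seen else ""  # nothing received, nothing to relay
    return desk.confirm("victim_handle", requester_inbox, code)


if __name__ == "__main__":
    print("weak flow attaches requester email:", requester_gains_access(False))
    print("hardened flow attaches requester email:", requester_gains_access(True))
```

In the hardened variant the real owner still completes the change, because the code arrives at an address they already control.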