Meta’s AI Support Agent Used by Hackers to Take Over Instagram Accounts

Privacy Guides June 4, 2026
An exploit described as “remarkably simple” allows anyone to add a new email address to any Instagram account through Meta’s AI chat bot, giving full account takeover. The method involves using a VPN so that your traffic appears to come from the same country as your victim. Then you simply request a password reset for the account and choose to chat with Meta’s AI support assistant. You tell the assistant to link a new email address to the account, and it happily complies. The bot sends a one-time password reset link to that address, and you’re in.

The exploit was originally shown in a video posted by “pro-Iranian hackers” in a Telegram group. According to the post from Brian Krebs, the accounts of the Obama White House and the Chief Master Sergeant of the U.S. Space Force were “defaced with pro-Iranian images and messages.” Meta hasn’t officially responded, but Andy Stone, an employee at Meta, stated that the “issue has been resolved” and the impacted accounts were secured.

> This issue has been resolved and we are securing impacted accounts.
>
> — Andy Stone (@andymstone) June 1, 2026

AI agents have well-documented security vulnerabilities, including several inside Meta. You never know exactly what an AI agent will do, since its behavior isn’t deterministic. With human support agents, you have the potential for social engineering attacks, where you convince them to divulge information they shouldn’t or perform actions they shouldn’t. AI agents add a whole other attack surface on top of that: they’re vulnerable to prompt injection attacks, where an attacker uses an input prompt to rewrite the agent’s instructions. An AI model can’t reliably tell the difference between input and instructions, so an attacker who gets around whatever barriers are put up can essentially rewrite the AI’s brain. In this case, though, no such trick appears to have been needed: linking a new address seems to have been intended behavior.
Generally, when a website lets you reset your password, it will only send a password reset link to an email address already associated with that account. Here, however, the AI simply accepts any email address it is given, essentially letting anyone take over any account they want. It’s not clear what the AI agent is supposed to do that a classic “forgot my password” reset screen can’t. It seems Meta shipped the feature without anything close to adequate safeguards against misuse. It’s doubtful that AI agents should be allowed to control account authentication at all, but something tells me more companies will add a feature like this to their services anyway.
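To make the distinction concrete, here is an added defensive example (not Meta’s code, and not from the original post) of an account-recovery tool as an AI support agent might call it: first in the flawed shape the article describes, then hardened so the agent can only deliver a reset link to an address already verified on the account, while changing recovery addresses stays a separate, authenticated action. The account, addresses and mail sink are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    username: str
    verified_emails: set = field(default_factory=set)

# Constructed sample data: one account with a single verified recovery address.
ACCOUNTS = {"victim": Account("victim", {"owner@example.com"})}
OUTBOX = []  # every (username, email) pair a reset link was delivered to

def deliver_reset_link(username: str, email: str) -> None:
    # Stands in for the mail service; we only record where the link went.
    OUTBOX.append((username, email))

def unsafe_agent_reset(username: str, requested_email: str) -> str:
    """The flawed flow: the agent links whatever address the caller names and
    then sends the reset link there. Nothing proves the caller owns the account."""
    acct = ACCOUNTS[username]
    acct.verified_emails.add(requested_email)  # attacker-chosen address becomes trusted
    deliver_reset_link(username, requested_email)
    return "A reset link has been sent."

def safe_agent_reset(username: str, requested_email: str) -> str:
    """Hardened flow: the tool never adds an address, only delivers to one already
    verified on the account, and answers identically either way so the caller
    cannot use it to learn which addresses are on file."""
    acct = ACCOUNTS.get(username)
    if acct is not None and requested_email in acct.verified_emails:
        deliver_reset_link(username, requested_email)
    return "If that address is on file, a reset link has been sent."

def add_recovery_email(username: str, new_email: str, session_user: Optional[str]) -> bool:
    """Changing recovery addresses requires a logged-in session for that same
    account, not a chat request. A production system would additionally confirm
    ownership of new_email before it counts for recovery."""
    if session_user != username:
        return False
    ACCOUNTS[username].verified_emails.add(new_email)
    return True
```

The hardened tool can be handed to an agent because its only effect is a link to an address the account owner already controls; the unsafe one turns any chat message into an account takeover.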
