Meta's AI Support Bot Exploited to Hijack Instagram Accounts via Password Reset
June 1, 2026
Attackers used Meta's AI customer support chatbot to add attacker-controlled email addresses to target Instagram accounts by framing the request within the bot's standard password reset flow, combined with a VPN to spoof local IP addresses. High-profile accounts including the Obama White House Instagram were briefly compromised before Meta patched the flow.
HOW THIS AFFECTS YOU
● builder: Any AI support agent with account-modification capabilities needs explicit identity verification gates that cannot be bypassed through conversational framing — this is a live production vulnerability pattern to audit now.
● policy: This is a documented, exploited case of an AI system being socially engineered to perform privileged account actions, with real-world account takeovers as the outcome — relevant to AI safety in customer-facing deployments.
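
One way to build the verification gate the builder note calls for, shown as an added example (not Meta's code and not part of the original article): the backend, not the model, decides whether a privileged tool call runs, based on an out-of-band challenge it tracks itself. The tool names, the TTL, the `StepUpStore` class and the `dispatch` function are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

PRIVILEGED_TOOLS = {"add_email", "change_email", "reset_password"}  # hypothetical names
STEP_UP_TTL = 300  # seconds; assumed value

def _t(now):
    return time.time() if now is None else now

class StepUpStore:
    """Server-side challenge state. The model can neither read nor write it."""
    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._pending = {}   # account_id -> (mac of code, expiry)
        self._verified = {}  # (session_id, account_id) -> expiry

    def _mac(self, account_id, code):
        msg = f"{account_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, account_id, now=None):
        """One-time code for a contact ALREADY on file; never echoed into the chat."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account_id] = (self._mac(account_id, code), _t(now) + STEP_UP_TTL)
        return code

    def confirm(self, session_id, account_id, code, now=None):
        # pop() makes the code single-use, even after a wrong guess
        mac, expiry = self._pending.pop(account_id, (b"", 0))
        ok = _t(now) < expiry and hmac.compare_digest(mac, self._mac(account_id, code))
        if ok:
            self._verified[(session_id, account_id)] = _t(now) + STEP_UP_TTL
        return ok

    def is_verified(self, session_id, account_id, now=None):
        return self._verified.get((session_id, account_id), 0) > _t(now)

def dispatch(store, session_id, tool_call, now=None):
    """Backend gate applied to every tool call the model emits."""
    name, args = tool_call["name"], tool_call.get("args", {})
    if name in PRIVILEGED_TOOLS:
        # Only server-side state counts. Model-supplied args such as
        # "verified": True, and the client's IP or location, prove nothing.
        if not store.is_verified(session_id, args.get("account_id"), now):
            return {"status": "denied", "reason": "step_up_required"}
    return {"status": "allowed", "tool": name}
```

Because the check lives outside the conversation, no phrasing of the request changes the outcome: the call is denied until the code sent to a contact already on file is confirmed for that session and account.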