Hackers Used Meta AI Support Chatbot to Hijack Barack Obama White House Instagram Account

01 June, 2026. Technology and Science. 19 sources

Key Takeaways

  • Hackers used Meta AI support chatbot to trigger password resets and change emails, seizing accounts.
  • Targets included Obama's White House Instagram, Space Force chief master sergeant, Sephora; some defaced.
  • Meta acknowledged vulnerability and said affected accounts were secured; fixes were implemented.

AI Support Bot Takeover

Hackers said they used Meta’s AI support chatbot to break into high-profile Instagram profiles by asking the support bot to change the email address associated with the target account, a method described as “shockingly easy.”

The claims coincided with takeovers including the Barack Obama White House account, the Chief Master Sergeant of Space Force’s account, and Sephora’s account, according to 404 Media.

Meta’s AI support assistant had been rolled out to help users “resolve account problems” and promised a faster account recovery process, but the attack chain described by TechCrunch relied on tricking the chatbot into granting access after a password reset flow.

TechCrunch reported that the hacker allegedly used a VPN to spoof the targets’ presumed location, then opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account, after which the chatbot sent a verification code and prompted a “Reset Password” step.

Meta Response and Voices

Meta acknowledged the issue and said it was fixed, with Andy Stone telling users, “This issue has been resolved and we are securing impacted accounts,” as quoted by Engadget.

The Guardian reported that Meta confirmed the problem on Monday and said it had resolved the issue after researchers exposed it, adding that the company stated: “This issue has been resolved, and we are securing impacted accounts.”

Security researcher Jane Wong described the impact on her own account, saying, “The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” and TechCrunch quoted her as saying, “Quite concerning.”

Krebs on Security described how pro-Iran hackers posted on Telegram that they had used the exploit to seize accounts, and it said the Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend.

Security Stakes and Next Risks

The attack described across outlets centered on account recovery workflows that could be steered by natural-language prompts, with 404 Media warning that there was “no way to escalate their problem to a human” after accounts were stolen.

Krebs on Security said the Telegram video claimed the exploit involved using a VPN connection with an IP address in or near the target’s usual hometown, then requesting a password reset and linking the account to a new email address controlled by the attacker.

International Business Times UK framed the flaw as a “textbook case of prompt injection” and said the process allowed attackers to redirect password reset links to unauthorized email addresses, effectively seizing control without triggering a traditional two-factor authentication challenge.
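The control that the reported flow lacked can be shown as an authorization gate placed between a support chatbot and its account-changing tools. This is an added example, not Meta's code: `Account`, `Session`, `authorize` and the sample addresses are hypothetical, and the sessions are constructed. It assumes the agent can only act through tool calls that pass this check.

```python
from dataclasses import dataclass, field

# Tool calls that change who is able to recover the account.
SENSITIVE_ACTIONS = {"add_email", "change_email", "reset_password"}

@dataclass
class Account:
    verified_contacts: set            # contacts enrolled before this session
    two_factor_enabled: bool = False

@dataclass
class Session:
    ip_matches_usual_location: bool = False            # weak signal: a VPN can fake it
    codes_confirmed: set = field(default_factory=set)  # contacts that returned a one-time code
    two_factor_passed: bool = False

def authorize(action: str, account: Account, session: Session) -> tuple[bool, str]:
    """Decide whether the agent's requested tool call may run.

    The decision ignores the chat text and the session's location; only proof
    of control over a factor enrolled before the session counts.
    """
    if action not in SENSITIVE_ACTIONS:
        return True, "not a recovery-sensitive action"
    # A code sent to an address supplied in the chat proves control of that
    # address only, so confirmations count only for pre-existing contacts.
    proven = session.codes_confirmed & account.verified_contacts
    if not proven:
        return False, "no code confirmed on a previously verified contact"
    if account.two_factor_enabled and not session.two_factor_passed:
        return False, "two-factor challenge required"
    return True, "ownership proven on existing factor"

# Constructed data for a hypothetical account (assumption, not from the reports).
ACCOUNT = Account(verified_contacts={"owner@example.com"}, two_factor_enabled=True)
# Requester with a nearby IP who confirmed a code sent to the address they supplied.
SPOOFED = Session(ip_matches_usual_location=True,
                  codes_confirmed={"new@attacker.example"})
# Owner who confirmed a code on the enrolled address and passed two-factor.
OWNER = Session(codes_confirmed={"owner@example.com"}, two_factor_passed=True)

if __name__ == "__main__":
    for name, session in (("spoofed", SPOOFED), ("owner", OWNER)):
        print(name, authorize("add_email", ACCOUNT, session))
```
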

Looking beyond the immediate Instagram incident, CNIL reported that Meta would train its AI systems with European Facebook and Instagram users’ data starting in late May 2025, and it said users would be informed right away of the possibility to object to the processing. The project had been suspended in 2024 after discussions with the Irish data protection authority (the DPC).
