Instagram Alerts Users Targeted by AI Chatbot Hackers
Instagram is alerting users targeted by hackers who exploited Meta's AI support chatbot to take over accounts. The simple attack, involving asking the bot to link accounts to hacker-controlled emails, continued even after Meta claimed a fix. The incident highlights critical security flaws in AI-driven support systems.
Instagram is currently notifying users whose accounts were compromised in a widespread hacking campaign that leveraged Meta's AI support chatbot. Attackers exploited a critical flaw, tricking the AI into granting them access to numerous accounts by simply requesting that the chatbot link a target's profile to an email address they controlled. This alarming security breach reportedly persisted even after Meta claimed the underlying issue had been resolved.
The ease with which these accounts were compromised has raised significant concerns, questioning the robustness of AI-driven support systems. Hackers engaged directly with Meta’s AI chatbot, falsely identifying themselves as the legitimate owners of targeted Instagram accounts. They then instructed the bot to associate the profile with a new, hacker-controlled email address.
Remarkably, the AI chatbot complied without requiring further human verification, effectively bypassing traditional security protocols. This vulnerability allowed attackers to initiate password resets and swiftly seize control of accounts, often locking out the rightful owners without complex technical maneuvering. Crucially, no human Meta employees or contractors were involved in these chatbot interactions, highlighting the automated nature of the exploit.
The hacking spree affected a diverse range of Instagram profiles, notably those featuring highly desirable, short "OG handles"—original usernames often consisting of common forenames or country names. These coveted handles hold significant value in a clandestine gray market. Among the high-profile alleged targets were the dormant Obama White House Instagram account, though Meta disputed its compromise, and the account belonging to U.S. Space Force chief master sergeant John Bentivegna.
Meta spokesperson Andy Stone initially stated on Monday that the "issue that did happen has already been fixed." However, this assertion was quickly challenged by a wave of new reports from Instagram users on Tuesday, who continued to experience account takeovers. Simultaneously, discussions in private Telegram channels used by the hackers revealed ongoing exploitation of the vulnerability, with attackers openly advertising newly compromised handles for sale, even at the time TechCrunch reported.
Responding to persistent reports, Stone later clarified that affected users might receive password reset notifications or be prompted with security questions upon logging in. Meta confirmed it had secured impacted accounts by Monday and subsequently began dispatching password reset emails to victims. The company, however, has not disclosed the total number of users affected by this security incident.
Victims have since shared screenshots of official emails from Instagram, explicitly warning them of "suspicious activity" that suggests their accounts may have been compromised. These communications advised users that the company had taken proactive steps to secure their accounts and instructed them to immediately reset their passwords to regain control and prevent further unauthorized access.
This incident sheds critical light on the evolving landscape of online security and the inherent risks of integrating powerful artificial intelligence into critical user support functions. Meta had announced in March its deployment of an AI-powered chatbot designed to streamline account issues, including the crucial ability to "reset your password securely." The recent events suggest this automation, while intended for efficiency, inadvertently created a significant and easily exploitable security gap.
Historically, the theft of valuable "OG" Instagram usernames demanded far more complex methods, such as elaborate phishing campaigns, SIM-swapping attacks, or even bribing internal employees. The stark simplicity of the current attack, where hackers merely "asked" an AI to grant access, marks a concerning and dangerous shift. It underscores the imperative for rigorous security measures and robust verification processes when deploying AI-driven systems, particularly those entrusted with sensitive user data and access.
FAQ
Q: How did hackers exploit the Meta AI chatbot to gain access to Instagram accounts?
A: Hackers simply posed as the legitimate owners of target accounts and requested Meta's AI support chatbot to link the Instagram profile to an email address they controlled. The chatbot complied without adequate verification, enabling the hackers to initiate password resets and take over the accounts.
Q: What kind of Instagram accounts were primarily targeted during these attacks?
A: The attacks targeted various accounts, including those with highly desirable, short "OG handles" (e.g., common names or country names), which are valuable in a gray market. High-profile individuals, such as the U.S. Space Force's chief master sergeant, were also among the reported victims.
Q: What actions is Instagram taking to help users affected by these AI chatbot attacks?
A: Instagram has secured affected accounts and is sending out email notifications to victims, warning them of suspicious activity and instructing them to reset their passwords. Users may also be asked security questions when attempting to log in to ensure their identity.
Related articles
Startup Battlefield Returns to Australia: Sydney's Past Impact
TechCrunch's Startup Battlefield is returning to Sydney, Australia, on August 19, 2026, in partnership with Stripe. Ten startups will pitch, with the winner securing automatic entry to TechCrunch Disrupt's Startup Battlefield 200 in San Francisco. This return follows the highly successful 2017 event, which launched companies like HealthMatch and FluroSat (now Regrow Agriculture) to raise over $85 million combined and foster a vibrant Australian tech ecosystem.
ai: What to expect from WWDC 2026: Siri’s highly anticipated revamp
WWDC 2026 will unveil a major AI overhaul for Siri, powered by Google Gemini, alongside significant Apple Intelligence updates across apps. Anticipate a standalone Siri app and AI enhancements to Camera, Photos, and Wallet, driving a more intuitive user experience.
regional: Google alert! Seattle-area teen wins Doodle contest with
Seattle-area teen Kameirah Johnson won the 2026 Doodle for Google contest, with her artwork "Hair Power: The Crown That Grows from Us" featured on Google's homepage. The Renton senior's piece celebrates hair as a symbol of identity and cultural strength. She received a $55,000 scholarship, and her school, Lakeside, earned a $50,000 technology package, furthering her dreams of studying art and economics at NYU.
Foxconn, Intel, and SambaNova Partner for Rackscale AI Infrastructure
Intel, Foxconn, and SambaNova Systems have partnered to build rackscale AI infrastructure, unveiled at Computex 2026. This collaboration targets the shift from AI training to inference, aiming to re-establish Intel Xeon CPUs at the core of data centers by pairing them with SambaNova's SN-50 RDUs for efficient, cost-effective performance. Foxconn will handle system integration and develop CPU-dense variants.
Amazon Rolls Out AI-Generated Product Images in Search Results
Amazon is rolling out a new AI feature that displays generated product images in its shopping app's search results to help users find items. While intended to assist shoppers with vague descriptions, the move is being questioned for potentially misleading consumers with fake products.
Amazon Takes Top Fortune 500 Spot, Ends Walmart's 13-Year Reign
Amazon has officially become the No. 1 company on the Fortune 500 list for the first time in 13 years, dethroning Walmart. Reporting over $700 billion in 2025 revenue, this marks a historic shift for the tech giant. Other leaders like Microsoft, Alphabet, and Nvidia also achieved notable milestones.