Researchers show chatbot manipulation had redirected a password reset function, allowing hackers to seize high-value usernames unprotected by second-factor authentication.

Attackers have exploited a vulnerability in Meta’s AI-driven support system for Instagram, enabling unauthorized account takeovers without breaching the firm’s core infrastructure.

The issue stemmed from Meta’s recently introduced AI assistant for account recovery, which could be manipulated through prompt injection techniques, according to security researchers and reporting by Cybernews on 1 June 2026.

The flaw was identified by blockchain investigator ZachXBT and researchers affiliated with Dark Web Informer, who demonstrated that attackers could interact with the chatbot and coerce it into issuing password reset requests. By exploiting weaknesses in how the AI interpreted user prompts, threat actors were able to redirect reset codes to accounts under their control, effectively bypassing identity verification safeguards.

Meta has emphasized that its backend systems were not compromised, framing the issue as a logic-layer failure within the AI tool rather than a traditional data breach.

Exploit mechanism

Critically, the system had lacked sufficient authentication checks and rate-limiting controls. This meant that anyone with knowledge of a target’s username could initiate the recovery process and potentially gain access.

The campaign appeared to focus on high-value Instagram handles, particularly short or rare usernames with significant resale value:

  • Accounts such as @hey and @jowo were reportedly seized and later traded through Telegram-based marketplaces.
  • In a more prominent incident, the inactive Obama White House Instagram account — unused since January 2017 — had also been compromised, with unauthorized posts featuring AI-generated imagery.
  • Additional victims included high-profile individuals such as US Space Force Chief Master Sergeant John F Bentivegna.

Meta has confirmed the breach of the Obama-affiliated account and removed the offending content. Analysts noted that the incidents may be part of a broader, coordinated effort targeting prominent US-linked accounts, although attribution remains unclear.

The firm had moved to address the vulnerability by deploying a fix late last week. In a public statement, Meta said it had resolved an issue that allowed external actors to trigger password reset requests for certain users, reiterating that no internal systems were breached and that overall account security remains intact. The firm has not disclosed how long the flaw existed or whether specific threat actors have been identified.

Notably, accounts protected by two-factor authentication were not affected by the exploit. However, the incident underscores growing concerns about integrating AI systems into sensitive security workflows. The failure highlights how insufficient guardrails in AI-driven tools can introduce new attack surfaces, even as corporations report broader improvements in account security metrics, including Meta’s previously cited 30% reduction in account compromises in 2025.