How hackers used Meta's own AI to break into Instagram accounts

📌 Summary:

• Hackers tricked Meta's AI-powered support chatbot into handing over access to Instagram accounts simply by prompting it to change account-recovery details while masking their location with a VPN

• The exploit is a "prompt injection" attack: feeding an AI system crafted instructions that override its intended rules, making it perform actions (here, password resets) it was never authorised to do

• Method: attacker starts a chat, claims to update the email on a target username, supplies an attacker-controlled email; the bot sends the verification code to the ATTACKER's email, then offers a password reset — with no proof of original ownership ever required

• Affected high-profile accounts (per 404Media): Barack Obama's White House account, Sephora, and US Space Force chief master sergeant John Bentivegna; VPNs were used to mimic the victim's location and bypass security checks

• Meta rolled out the AI support assistant in March 2026 to automate account recovery and security tasks; it says the vulnerability has now been patched

🎯 UPSC Relevance: GS3 — cyber security, risks of AI in sensitive security functions, social-media platform vulnerabilities; GS2 ethics/governance of AI deployment

📝 Prelims Facts:

• Prompt injection = manipulating an AI/LLM with crafted instructions to bypass its intended rules
• The flaw let attackers reset Instagram passwords via Meta's AI chatbot without owning the victim's email
• Reported by 404Media; affected accounts included the Obama White House account and US Space Force

🔑 Key Term: Prompt injection attack — a cyber-attack technique where crafted natural-language inputs trick a large language model into ignoring its safety rules and performing unauthorised actions.