Particle.news
Download on the App Store
24 ARTICLES
·
last wk.

Hackers Used Meta AI to Hijack Instagram Accounts

A vulnerability in Meta’s AI support assistant allowed attackers to add their own email addresses to accounts, thereby enabling password resets that briefly seized high‑profile profiles.

The logo of the Meta AI app can be seen on the display of a smartphone. on March 7, 2026 (Image: Matthias Balk / picture alliance / Getty Images)
Screenshots of a Meta AI support chat asking for an 8-digit verification code and password reset, likely a phishing attempt.
Image

Overview

  • Security researchers and demonstration videos circulated on Telegram showed attackers tricking Meta’s AI support chatbot into linking attacker‑controlled email addresses to other people’s Instagram accounts.
  • The method used a VPN to spoof a target’s usual location, prompted the AI to send a one‑time verification code to the attacker’s email, and then used that code to reset the account password.
  • Several high‑value and notable accounts, including the archived Obama White House handle, a U.S. Space Force senior official’s account, and Sephora’s page, were briefly compromised over the weekend.
  • Meta says it patched the flaw and is securing impacted accounts, but the company has not disclosed how many users were affected and some victims report trouble getting human help to recover accounts.
  • Security experts say enabling multi‑factor authentication and using passkeys or security keys would have largely blocked this attack and warn that giving AI direct control of account‑change workflows creates new risks to fix.