As artificial intelligence becomes increasingly integrated into customer support systems, cybersecurity experts continue to warn that even advanced AI tools can introduce new vulnerabilities if not properly secured. Meta recently faced such a challenge after reports emerged that hackers had exploited its AI-powered support chatbot to gain unauthorized access to Instagram accounts.
The incident drew widespread attention after several users reported account takeovers on social media platforms, raising concerns about the security of AI-driven support systems and the protection of user accounts.
Although Meta has since addressed the issue, the episode highlights how cybercriminals are constantly finding new ways to exploit automated systems.
Between May 30 and May 31, multiple Instagram users reported that their accounts had been compromised. Several complaints surfaced on platforms such as Reddit and X, where affected users described being unexpectedly locked out of their accounts.
The reported attacks did not appear to be limited to ordinary users. Among the accounts reportedly impacted were the Obama White House Instagram page and John Bentivegna, the chief master sergeant of the United States Space Force.
Cybersecurity researcher Jane Wong also disclosed that her Instagram account had been compromised during the incident.
“The password got changed without my knowledge, and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app,” Wong said in the post.
Her account of the incident added credibility to concerns that a broader vulnerability might have been exploited.
According to demonstrations shared online, including a video posted by Dark Web Informer on X, attackers allegedly used a combination of location spoofing and manipulation of Meta’s AI support assistant to gain access to targeted Instagram accounts.
The attacker reportedly first used a Virtual Private Network (VPN) to mimic the victim’s location. This step was intended to help bypass Instagram’s automated security checks and make the login attempt appear legitimate.
After masking their location, the attacker initiated a conversation with Meta’s AI-powered support chatbot and requested that a new email address be linked to the targeted Instagram account.
The chatbot allegedly sent a verification code to the email address supplied by the attacker. The attacker then entered that code back into the chat to complete verification.
Following successful verification, the chatbot reportedly displayed a “Reset Password” option. The attacker could then create a new password and effectively take control of the account.
This process bypassed traditional recovery safeguards and gave unauthorized users access to victim accounts.
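As reported, the recovery flow accepted a code delivered to an address supplied during the chat, which proves control of that mailbox only and says nothing about who owns the account. The following added example (not Meta's code; every name, return value and sample address is constructed for illustration) contrasts that gate with one that trusts only contact points already on file, sends everything else to human review, and keeps the second factor on the recovery path:

```python
from dataclasses import dataclass

@dataclass
class Account:
    username: str
    emails_on_file: frozenset      # contact points verified before this request
    two_factor_enabled: bool = False

@dataclass
class RecoveryRequest:
    username: str
    code_sent_to: str              # mailbox the verification code was delivered to
    code_verified: bool            # requester repeated the code correctly
    second_factor_ok: bool = False # passed a 2FA challenge, if one was issued

def naive_gate(acct: Account, req: RecoveryRequest) -> str:
    """Flawed: any verified code unlocks the reset, wherever it was sent."""
    return "allow_reset" if req.code_verified else "deny"

def hardened_gate(acct: Account, req: RecoveryRequest) -> str:
    """Decide whether the support assistant may expose a password reset."""
    if req.username != acct.username or not req.code_verified:
        return "deny"
    # A code proves control of the mailbox it reached, nothing more. If that
    # mailbox was supplied in the chat, the requester has proved nothing
    # about the account, so a person reviews the request instead.
    if req.code_sent_to.strip().lower() not in acct.emails_on_file:
        return "escalate_to_human"
    # With 2FA on, the second factor is required on the recovery path too.
    if acct.two_factor_enabled and not req.second_factor_ok:
        return "deny"
    return "allow_reset"

# Constructed sample data (not taken from the incident).
OWNER = Account("example_user", frozenset({"owner@example.com"}))
OWNER_2FA = Account("example_user", frozenset({"owner@example.com"}), True)
SUPPLIED_IN_CHAT = RecoveryRequest("example_user", "someone@example.net", True)
ON_FILE = RecoveryRequest("example_user", "owner@example.com", True)

if __name__ == "__main__":
    for name, req in (("supplied in chat", SUPPLIED_IN_CHAT), ("on file", ON_FILE)):
        print(name, naive_gate(OWNER, req), hardened_gate(OWNER, req))
```

The decision is made in ordinary code outside the language model, so no wording of the chat can change which mailbox counts as proof.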
Meta moved quickly after reports of the exploit gained attention online.
On June 1, Instagram spokesperson Andy Stone responded publicly to Jane Wong’s post, confirming that the security vulnerability had been fixed.
According to Stone, the flaw had previously allowed attackers to manipulate Meta’s AI support chatbot into redirecting password reset codes to unauthorized email addresses.
Once discovered, Meta implemented corrective measures to prevent further exploitation and protect user accounts from similar attacks.
The incident demonstrates that even sophisticated AI-powered systems can become targets for cybercriminals. As companies increasingly deploy AI for customer support, security experts emphasize the importance of combining automation with strong verification controls.
One notable aspect of the incident is that users with two-factor authentication (2FA) enabled were reportedly not affected by the exploit.
Two-factor authentication adds an extra security layer by requiring users to verify their identity through a secondary method, such as a mobile device or authentication app.
Instagram users can strengthen account security by:
As artificial intelligence becomes more deeply embedded in digital platforms, companies face the challenge of balancing convenience with security.
AI-powered customer service tools can streamline support processes and improve user experiences, but vulnerabilities in automated systems can create opportunities for abuse if safeguards are not robust enough.
The Meta incident serves as a reminder that cybersecurity must evolve alongside AI innovation. Industry experts increasingly advocate for stronger authentication mechanisms, human oversight in sensitive account recovery processes, and continuous security testing of AI-driven systems.
The recent Instagram account takeover incidents highlight how cybercriminals can exploit weaknesses in emerging technologies, including AI-powered support tools. By reportedly manipulating Meta’s chatbot and leveraging password recovery processes, attackers were able to gain unauthorized access to several accounts, including those belonging to high-profile users.
Although Meta has confirmed that the vulnerability has been fixed, the incident underscores the importance of maintaining strong cybersecurity practices. Users are encouraged to enable two-factor authentication, monitor account activity, and review security settings regularly. As AI becomes a larger part of digital services, both technology companies and users must remain vigilant to ensure convenience does not come at the cost of security.