Meta Patches Instagram AI Flaw That Let Hackers Take Over Accounts

A significant security flaw in Meta's AI-powered customer support chatbot allowed attackers to take control of Instagram accounts by simply asking the bot to hand over access, prompting an emergency fix from the company.

The exploit, reported by Malwarebytes cybersecurity journalist Danny Bradbury, was in active use for several months before Meta intervened. Among the accounts targeted were the dormant Obama White House page, beauty retailer Sephora, and an account belonging to a senior US Space Force official. Security researcher Jane Manchun Wong, a former Meta employee, was also compromised. Several of the affected accounts were briefly defaced with pro-Iranian imagery.

How the attack worked

Attackers identified the geographic location of a target account holder, then used a VPN to appear to be connecting from that same region, bypassing Instagram's location-based security checks. They then initiated a standard password reset and opened a support chat with Meta's AI assistant, asking it to change the email address on the account.

The bot complied, sending a one-time verification code directly to the attacker's inbox. The underlying problem was that Meta had given its AI assistant the power to make account changes without equipping it to properly confirm it was speaking with the genuine account owner. Cybersecurity professionals call this type of flaw a "confused deputy," a concept that has been recognised in the security community since the 1980s.

In cases where enhanced security checks were triggered, attackers reportedly created video deepfakes of their targets using images harvested from the victims' own Instagram profiles.

Meta's response

Andy Stone, Meta's communications executive, confirmed on X that the vulnerability had been resolved and that affected accounts were being secured. The company has not disclosed how many accounts were compromised in total.

How to protect your account

The most effective protection available right now is multi-factor authentication (MFA). According to veteran cybersecurity reporter Brian Krebs, the attack failed against accounts that had MFA enabled, including those using SMS codes.

An authenticator app offers stronger protection than SMS, but either option is significantly better than none. To enable two-factor authentication, open Instagram's Settings, navigate to Meta Accounts Center, and switch on Two-Factor Authentication.

Separately, cybersecurity account TheCyberSecGuru has reported a second attack technique circulating, this time using a modified version of Instagram running on an Android emulator called BlueStacks. This variant attempts to manipulate the AI support assistant using hidden characters embedded in messages.

Meta's patch addresses the original flaw, but security experts warn that as more companies deploy AI to handle customer support queries, similar vulnerabilities are likely to emerge.

Source: Danny Bradbury / Malwarebytes, 4 June 2026