Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
Ars Technica AI · Jeremy Hsu · 2026-06-01
Hackers used a straightforward prompt injection attack against Meta's AI support chatbot to hijack and resell high-value Instagram accounts, including the Barack Obama White House account, before Meta issued an emergency patch on May 29, 2026.
Extraction
Topics: ai-security, prompt-injection, social-media-security, account-takeover
Claims
- Meta's AI support chatbot could be manipulated via prompt injection to change the email address on any Instagram account without proper identity verification.
- The attack required only three steps: using a VPN to approximate the target's region, initiating a password reset, and then prompting the chatbot to change the associated email.
- Hackers stole and resold Instagram accounts worth hundreds of thousands of dollars on gray markets using this exploit.
- The Barack Obama White House account and the Chief Master Sergeant of Space Force's account were among those compromised and used to post pro-Iranian content.
- Meta deployed an emergency patch on May 29, 2026 to close the vulnerability.
Key quotes
shockingly easy
It's a very straightforward prompt injection attack.
Attackers simply had to use a VPN to approximately match their location to the target Instagram account's region, begin a password reset process, and then ask Meta's AI support chatbot to change the email address associated with the account