Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked
Simon Willison · 2026-06-01
Hackers successfully hijacked high-profile Instagram accounts by asking Meta's AI support chatbot to link a new email address to the target account, exploiting Meta's decision to give the bot one-shot account recovery capabilities.
Extraction
Topics: ai-security, prompt-injection, account-takeover, meta
Claims
- Hackers took over high-profile Instagram accounts by simply asking Meta's AI support bot to link a new email address, with no further verification.
- Meta wired its support AI chatbot with the ability to execute account recovery actions directly, enabling one-shot account takeovers.
- The attack barely qualifies as prompt injection—it was a direct request exploiting the bot's built-in privileges.
- Simon Willison confirmed the story through multiple independent sources.
Key quotes
Meta really did wire their support system into an AI chatbot that had the ability to fast-forward through the entire account recovery process.
This one hardly even qualifies as a prompt injection. Don't wire your support bot up to allow one-shot account takeovers!