Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
Summary
Hackers exploited a security flaw in Meta’s AI support chatbot to take over and sell popular Instagram accounts by changing their email addresses. Meta fixed the issue on May 29 after hackers compromised thousands of accounts, including some high-profile ones.Key Facts
- Hackers used a VPN to hide their real location and trick Meta’s AI chatbot into changing the email linked to Instagram accounts.
- The exploit let hackers steal valuable Instagram accounts worth hundreds of thousands of dollars.
- High-profile accounts, like the Barack Obama White House and Space Force Chief Master Sergeant accounts, were briefly hacked.
- The flaw existed since at least February 2026 and was shared in hacker groups and reported by security researchers.
- Accounts with multifactor authentication (MFA) were protected and not vulnerable to the attack.
- The security issue was due to the AI being tricked into misusing its permissions, known as a "confused deputy" problem.
- Meta launched the AI support assistant in March 2026 to help users 24/7 but did not initially include strict safety checks.
- Experts recommend adding more checks like out-of-band verification and monitoring to prevent similar attacks in the future.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.