Meta's AI chatbot helped hackers compromise Instagram accounts, including the White House

Meta's AI chatbot helped hackers take over Instagram accounts, including the White House

Meta's AI support chatbot was successfully used by hackers to compromise Instagram accounts through simple social engineering. The vulnerability allowed anyone to gain access to another person's profile by simply asking the chatbot to change the attached email address and reset the password.

How the exploitation worked

Hackers posted videos on Telegram demonstrating the hacking process step by step. The attack began by contacting Meta's AI support chatbot. The hacker requested help supposedly to recover access to an account, without providing sufficient verification.

The AI system, unprotected against social engineering, complied with all requests. The chatbot changed the email address attached to the target profile to the hacker's address. Then it was simply a matter of resetting the password through the standard recovery method — sending a confirmation code to the new email.

This way, full control of the account passed into the hands of the attacker. The process was so simple that anyone could repeat it. The hackers did not even try to hide the methodology, sharing video evidence in public access.

High-profile accounts compromised

The vulnerability affected not only regular users but also protected state profiles:

• Official White House account @obamawhitehouse with 10+ million followers
• Account of the Chief Master Sergeant of the US Air Force
• Other high-profile corporate and government profiles

After taking over the White House account, the attackers began posting content with Iranian propaganda. The incident quickly attracted attention from global media, demonstrating the level of vulnerability even of the most protected profiles.

Meta's position and fix

Meta promptly acknowledged the problem and stated that the vulnerability had already been fixed. The company confirmed that exploitation was indeed possible through the support function and that additional protections had been implemented.

"We have already patched this vulnerability,"

Meta stated in an official comment.

However, the company remained sparse on details. It remains unclear whether account owner verification in the chatbot was improved, or whether the logic of the AI system itself was changed. Meta also did not disclose the timeline for discovering the problem.

What this means

The incident demonstrates a critical vulnerability in user trust in AI systems. When even a protected US government account can be compromised through a few questions to a chatbot — this is a signal that AI support needs a fundamental review of verification approaches. For ordinary users, the lesson is clear: it is necessary to protect not only passwords but also attached email addresses. Communication with AI chatbots with personal data requires maximum caution.

*Meta is recognized as an extremist organization and banned in the Russian Federation.