Meta's AI Chatbot Was Exploited to Reset Instagram Passwords Without Verification
Nairobi, 1 June 2026
A flaw in Meta’s AI assistant allowed hackers to hijack Instagram accounts — including the dormant Obama White House account — by bypassing identity checks entirely. Enable two-factor authentication now.
A Vulnerability Hidden in Plain Sight
For months, a silent threat lurked inside one of the world’s most widely used social media platforms. Between February 2026 and late May 2026, attackers exploited a critical logic-layer flaw in Meta’s AI-powered account recovery tool on Instagram, using a technique known as ‘prompt injection’ to trick the chatbot into forwarding password reset codes to unauthorised parties — no identity verification required [1][2]. The exploit was active for roughly four months before security researchers ZachXBT and Dark Web Informer publicly exposed it, prompting Meta to patch the vulnerability on Friday, 29 May 2026 [2].
How the Attack Actually Worked
The mechanics of the attack were, in a troubling sense, elegantly simple. Meta had replaced the traditional search bars on Facebook, Instagram, and WhatsApp with an ‘Ask Meta AI’ prompt — a chatbot that Meta itself described as being able, ‘unlike traditional help center solutions,’ to ‘take action for you’ [1]. Attackers discovered they could manipulate this AI assistant through carefully crafted text prompts, instructing it to initiate password reset emails and redirect them to accounts controlled by the hackers, entirely bypassing the platform’s identity verification layer [2].
High-Profile Victims and the Underground Market
The consequences were swift and financially significant. Threat actors specifically targeted premium, short-handle Instagram accounts — among them @hey and @jowo — which together carry a combined market value of over $1,000,000 [2]. These accounts were rapidly sold through private Telegram channels before Meta could intervene [2]. Perhaps the most striking casualty was the dormant Obama White House Instagram account, which had been inactive since 20 January 2017. Attackers reportedly seized control of it and posted the message, ‘The White House is under Shiites’ control’ [1]. The incident underscored that even long-dormant, unmonitored accounts remain attractive targets — and vulnerable ones at that.
The Role of Meta’s Aggressive AI Expansion
The vulnerability did not emerge in a vacuum. It is directly linked to Meta’s rapid and large-scale deployment of generative AI across its platforms [1]. To fund this expansion, Meta laid off over 8,000 employees [1], a decision that drew criticism at the time and now raises fresh questions about whether the company moved too quickly in replacing established, tested account management tools with AI systems that had not been sufficiently hardened against adversarial manipulation [GPT]. The generative AI rollout extended beyond Instagram, with Meta’s AI also beginning to appear in Facebook comment sections to produce automated text summaries, and the ‘Ask Meta AI’ prompt replacing search bars on WhatsApp as well [1]. In Canada, Meta was simultaneously deploying generative AI broadly across Facebook, Instagram, and WhatsApp [1].
A Critical Window: What Was — and Was Not — Compromised
Meta moved quickly to contain the narrative alongside its technical fix. In a statement issued following the patch, the company said: ‘We fixed an issue that allowed an external party to request password reset emails for some Instagram users. There was no breach of our systems and people’s Instagram accounts remain secure’ [2]. Instagram’s official account echoed this message, adding: ‘You can ignore those emails — sorry for any confusion’ [2]. Security researcher Dark Web Informer offered a more direct technical summary: ‘Instagram had an exploit that allowed you to use Meta AI to reset passwords to accounts with no MFA on them. The exploit was patched a short time ago’ [2]. That final phrase — ‘no MFA’ — is the critical detail. Accounts protected by two-factor authentication (2FA) were not compromised during this exploit [2], a fact that transforms 2FA from a recommended precaution into an essential line of defence.
What Users — Especially Vulnerable Communities — Must Do Now
For everyday users, and particularly for mobile-first communities in regions such as Kakuma and Kalobeyei refugee settlements — where Instagram and WhatsApp serve as vital lifelines for staying connected with family across South Sudan, Somalia, Ethiopia, and the Democratic Republic of Congo — this is not an abstract cybersecurity story [GPT]. It is a direct and urgent warning. Security experts recommend a layered approach to account protection: enabling app-based two-factor authentication using tools such as Google Authenticator or Authy rather than SMS-based 2FA; using a private, dedicated email address for account registration; employing a password manager to generate and store strong, unique passwords; and regularly reviewing login activity for any unfamiliar sessions [2]. Users are also strongly advised to avoid clicking on suspicious links sent via direct messages and to refrain from sharing personal details with any AI chatbot claiming to verify an account [GPT]. It is also worth noting that this is not the first time Meta’s AI-assisted support tools have been implicated in such an issue: on 11 January 2026, Instagram patched a separate but related security vulnerability in its AI-assisted support tools that had allowed unauthorised external parties to trigger password reset emails for certain accounts [2].
A Wider Warning About AI in Security-Sensitive Roles
This episode is a sobering illustration of what can go wrong when AI systems are rapidly deployed in security-sensitive roles without adequate safeguards against adversarial manipulation [GPT]. Prompt injection — the technique at the heart of this attack — is not new to the cybersecurity community, but its application against a major consumer platform with hundreds of millions of users represents a significant escalation in its real-world impact [1][2]. As Meta and its peers continue to weave generative AI ever more deeply into the fabric of daily digital life, the responsibility to ensure those systems are robustly tested against manipulation techniques falls squarely on the companies deploying them. For users who depend on these platforms not merely for entertainment but for communication, community, and in many cases remittances, the stakes could not be higher [GPT].