Instagram AI chatbot let hackers hijack accounts, reset passwords

Meta fixed a security flaw that let attackers manipulate its AI support bot to take over Instagram accounts, including high-profile business profiles. The exploit worked by social-engineering the chatbot into sending password-reset codes to attacker-controlled emails. Meta did not disclose how many accounts were affected.

The vulnerability

Meta patched a security flaw in its AI-powered Instagram support chatbot that allowed attackers to hijack accounts by simply asking the bot to add a new email address, then resetting the password.

The exploit worked without compromising the victim's actual email. Attackers opened a chat with Meta AI, requested an email change, received a verification code at their own address, and were then offered a password-reset button. In some cases, they used a VPN to match the victim's region and avoid automated safeguards.

Targets included Barack Obama's former White House account, Sephora, and the US Space Force Chief Master Sergeant. Meta spokesperson Andy Stone confirmed the issue was fixed but did not say how many accounts were affected.

Why sales teams should care

If your business uses Instagram for lead gen, customer communication, or social commerce, account access is pipeline access. A takeover can lock you out of customer conversations, kill your posting schedule, and damage trust with prospects who see your hijacked account posting scams.

The flaw sits in Meta's March rollout of AI-driven support for "account security and recovery." The chatbot was designed to handle password resets and critical maintenance without human review. That automation created a single point of failure: convince the bot, own the account.

The broader problem

This is not just about Instagram. Any AI tool that handles identity, access, or sensitive workflows introduces new attack surfaces. Sales teams using AI-powered CRMs, support bots, or automation platforms should audit:

  • What can the AI change without human approval?
  • Does it verify identity before granting access to accounts or data?
  • What happens if the AI is tricked by social engineering?

Meta fixed this specific exploit. The question is what else breaks when you let a probabilistic text model control security-critical functions.
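As an added illustration of the audit questions above (example code, not Meta's), this toy tool-call gate contrasts a bot that honours any request with one that treats an open chat as unauthenticated and keeps newly added contacts out of the recovery path. The tool names, the `Account`/`Session` classes and the sample addresses are all assumptions.

```python
from dataclasses import dataclass, field

# Added example, not Meta's code: a toy tool-call gate for an AI support bot that
# handles account recovery. All names and sample data are constructed.
PRIVILEGED = {"add_email", "send_password_reset"}

@dataclass
class Account:
    emails: set                                   # contacts verified before this chat
    pending_emails: dict = field(default_factory=dict)  # new contact -> review status

@dataclass
class Session:
    # "none": just opened a chat; "existing_factor": completed a challenge sent to a
    # contact verified before the session. No region/IP field on purpose: the
    # article notes a VPN defeats that check, so it is not an authorization input.
    identity_proof: str

def permissive_policy(session, account, tool, arg):
    """The article's failure mode: the bot does whatever it is asked."""
    if tool == "add_email":
        account.emails.add(arg)                   # stranger's address now "verified"
        return True
    if tool == "send_password_reset":
        return arg in account.emails
    return False

def hardened_policy(session, account, tool, arg):
    """Privileged tools need a pre-existing factor; new addresses are held for review."""
    if tool in PRIVILEGED and session.identity_proof != "existing_factor":
        return False                              # chatting is not authentication
    if tool == "add_email":
        account.pending_emails[arg] = "awaiting_review"   # never a reset destination yet
        return True
    if tool == "send_password_reset":
        return arg in account.emails              # pre-session contacts only
    return False

def attacker_flow(policy):
    """Replay the article's sequence; True means the takeover would succeed."""
    victim = Account(emails={"owner@example.com"})
    session = Session(identity_proof="none")      # requester never proved ownership
    added = policy(session, victim, "add_email", "attacker@example.net")
    return added and policy(session, victim, "send_password_reset", "attacker@example.net")

def owner_flow(policy):
    """Legitimate owner who answered a challenge on an already-verified contact."""
    acct = Account(emails={"owner@example.com"})
    return policy(Session(identity_proof="existing_factor"), acct,
                  "send_password_reset", "owner@example.com")
```

The owner flow succeeds under both policies, so the hardened gate closes the path the article describes without blocking legitimate recovery.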

For SMBs relying on Instagram as a sales channel, the lesson is platform risk. If Meta's support system can hand over your account to someone who asks nicely, you need backups: email lists, CRM data, and channels you actually control.