Meta’s AI Agents Leave Instagram Accounts Vulnerable to Hackers

A security flaw in Meta’s AI-powered customer support system has allowed hackers to seize control of Instagram accounts by simply prompting the chatbot to reassign account email addresses. The exploit, which came to light over the weekend, has affected numerous users — including high-profile accounts with large followings — and remains partially active despite Meta’s efforts to contain it.

How the exploit works

Attackers discovered that Meta’s AI assistant could be instructed, through conversational prompts alone, to reassign the email address linked to any Instagram account — effectively handing over access without any verification. Once in control of the email, hackers could lock out the original owner entirely. Instagram has since begun notifying affected users and is requiring mandatory password resets. However, security researchers report the vulnerability has not been fully patched.

The cost of replacing human oversight with AI

The breach has intensified scrutiny of Meta’s aggressive cost-cutting strategy, which has seen significant staff reductions as the company.