How Meta's AI Support Bot Got Tricked Into Hijacking Instagram Accounts (opens in new tab)

The Incident In June 2026, Krebs on Security reported that hackers were circulating step-by-step instructions on Telegram showing how to manipulate Meta's AI support assistant into resetting Instagram account passwords — without proper authorization. The attack wasn't a SQL injection or an OAuth exploit. It was a prompt injection: crafted user inputs designed to override the bot's intended behavior. The results were concrete and embarrassing. High-profile accounts — including the Obama White ...