Analysis-High-profile Meta AI chatbot breach spotlights security risks of automation
An Instagram hack that saw attackers talk Meta's AI support chatbot into handing over access to high-profile accounts has exposed a critical flaw at the heart of the company's push to automate sensitive user functions.
The breach allowed hackers to seize accounts including the dormant Obama White House page, beauty retailer Sephora and a senior U.S. Space Force official.
The chatbot was persuaded to reset account credentials without independently verifying identity, effectively turning a high-trust security tool into a big weakness, cybersecurity experts told Reuters.
The episode underscored a broader vulnerability as tech companies hand AI systems sweeping authority over tasks such as account recovery, even as those systems remain susceptible to manipulation through what experts said is a class of attack known as "prompt injection".
For Meta, the stumble comes at a sensitive time. The social media giant has doubled down on AI, shedding thousands of jobs while pledging up to $145 billion on AI infrastructure. This incident could sharpen concerns that the company was accelerating automation of critical functions before the technology was ready to handle them safely.
Meta said on Monday the issue was resolved and it was securing impacted accounts, but the incident jolted investors already worried about the company's hefty AI spending, sending its shares down more than 5%.
The company declined to share more details. Reuters could not immediately identify or reach the hackers.
Jane Wong, a security researcher and former Meta employee whose Instagram handles were compromised, told Reuters it took about 5 to 10 minutes to reinstate her account. She said in a post on X that her password was changed without her knowledge and she had received multiple reset attempt requests.
"This is a foundational architecture failure. The model was given privileged actions without privileged access controls," said Brian Westnedge, vice president for alliances and partnerships at cybersecurity firm Red Sift.
"Meta has faced sustained criticism over its lack of human support, has made large workforce cuts, and is spending billions on AI. This incident lands squarely in the middle of all three."
HACK FANS WORRIES ABOUT AI USE IN SAFETY
Unidentified hackers carried out the attack over the weekend, locking users out of their accounts and prompting a wave of complaints on platforms including X and Reddit.
First reported by online news website 404 Media on Monday, the hack marks the latest setback for Meta in rolling out AI across its products.
The company rolled out the support chatbot in March to address a longstanding issue of not having human support for users who lose access to their accounts or face erroneous penalties.
A Reuters investigation in August found Meta had no guardrails in place that prevented its AI chatbots from having "sensual" conversations with kids, offering incorrect medical information or claiming that they were real people.
Since then the company has announced that it would offer more control to parents of teens to prevent younger users from accessing inappropriate content on its platforms.
Analysts and experts said the problem was not limited to Meta, warning that more such exploits were likely as hackers weaponize AI.
"The concern isn't necessarily AI itself, but whether adequate safeguards exist around what the AI is authorized to do," said Cliff Steinhauer, director of information security & engagement at the National Cybersecurity Alliance.
Since ChatGPT's late 2022 launch spurred a rush to deploy AI chatbots, hackers have exploited prompt attacks. In one such instance, the attacker tricked a Chevrolet dealership's bot into selling a Tahoe SUV for $1.
"It's not a Meta-specific issue. People are using these AI agents to do a lot of stuff. What we're actually seeing is unexpected problems that are coming up with the use of AI," said Engin Kirda, professor at the Department of Electrical and Computer Engineering at Northeastern University.
"In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams," he said, referring to AI agents or autonomous digital assistants that are enabled to perform complex tasks.
(Reporting by Deborah Sophia and Jaspreet Singh in Bengaluru; Writing by Aditya Soni; Editing by Sayantani Ghosh and Arun Koyyur)
Copyright Reuters or USA Today Network via Reuters Connect.
This story was originally published June 3, 2026 at 6:01 AM.