Hackers appeared to take over victims’ accounts even after Meta said it fixed its AI-powered support chatbot, which granted hackers access to victims’ accounts

Meta has warned Instagram users that they remain vulnerable to account takeovers by hackers who exploited a flaw in its artificial intelligence-powered support chatbot — months after the company claimed to have fixed the issue. The ongoing attacks suggest the patch may have been incomplete or ineffective, leaving users exposed to unauthorized access through the same vector.

The chatbot vulnerability

The core of the exploit lies in Meta’s AI-powered customer support chatbot, designed to assist Instagram users with account recovery and verification issues. Hackers discovered that by submitting specific prompts to the chatbot, they could trick the system into granting them access to other users’ accounts. The flaw allowed attackers to bypass standard authentication checks, effectively taking over accounts without needing the legitimate owner’s password or two-factor authentication codes. Meta initially announced it had deployed a fix for this vulnerability, but the company now acknowledges that the problem has persisted, with new takeover incidents reported even after the supposed patch.

Attack patterns and user impact

Victims have reported losing control of their Instagram accounts without any warning or suspicious activity flags. In many cases, the hackers changed the account email address, phone number, and password within minutes, locking out the original owners. Some users said they only realized the breach when they tried to log in and found their credentials no longer worked. Meta’s support system, which relies heavily on the same AI chatbot, has been slow to respond to appeals, with some victims waiting weeks for account restoration. The company has not disclosed the exact number of affected accounts, but independent security researchers estimate the total could be in the thousands.

Meta’s response and ongoing risks

Meta confirmed that it is aware of the continued exploitation and has issued a new warning to Instagram users, advising them to enable additional security measures such as two-factor authentication and to be cautious when interacting with the chatbot. The company stated that it is “actively investigating” the issue and working on a more comprehensive fix, but did not provide a timeline for when the vulnerability will be fully resolved. Security experts note that the delay is concerning, as the chatbot remains a primary support channel for millions of users. They recommend that users avoid relying on the AI chatbot for account recovery and instead contact Meta through alternative methods, though those options are limited.

Market Context

As of June 03, 2026, Bitcoin is trading at $65,763, down 2.5 percent in the last 24 hours. Ethereum is at $1,821.79, declining 5.2 percent over the same period. The broader cryptocurrency market has seen a slight dip, coinciding with increased regulatory scrutiny and ongoing security concerns in the tech sector.