Hackers used Instagram’s AI‑powered support bot to hijack about 20,000 accounts.
The attackers sent crafted messages that convinced the bot to reset passwords and grant access. Victims ranged from the White House and US Space Force to security researcher Jane Wong. Meta later confirmed the breach, outlined the bot’s flaw, and rolled out additional verification steps for account recovery.
The incident shows how quickly AI can be weaponised when it replaces human judgement in security flows. Automated bots may speed up support, but they also open a shortcut for social engineers. Companies will now have to weigh convenience against the risk of mass‑scale credential theft.
If AI is supposed to make services safer, this breach proves the opposite can happen without proper oversight.