Instagram has repaired a security loophole that led to the theft of several user accounts, and the attack appears to have led to the granting of access to the victim ‘ s accounts by the attackers by deceiving Meta ‘ s own AI chat robot.

Last weekend, several Reddit users claimed that their Instagram accounts had been stolen, and many users on platform X warned of the risk of similar accounts being stolen. The number attacked included the White House Instagram account under Obama, which had not been used since 2017, as well as that of the United States Space Force officers.
The security researcher Jane Wong stated on social platforms that her Instagram account had also been stolen. “It is quite worrying that the password was changed without my knowledge, and yesterday I received different attempts to recode it,” she said.

A video on X details how to invade the Instagram account. The hacker allegedly used the geographical location of the target user of the VPN to circumvent the automatic account protection mechanism of Instagram. Subsequently, hackers spoke with the Meta AI passenger robot and asked the robot to add a new e-mail address to the target account.
Video shows chat robots sending authentication codes to e-mail addresses provided by hackers; hackers share the authentication codes with chat robots, who then display a “replace password ” button. The hacker successfully took over the victim ‘ s account after entering the new password.
Cybersecurity experts described the attack as the classic “agent fraud” in the field of computer security, where a procedure with a higher authority was lured to abuse the authority of a third party with lower authority. In the above cases, “agent” is a large-language model with a “probability response model that can be fine-tuned by command” rather than a “certainty procedure” with a “hard-coding condition statement to be bypassed by code”.

It is worth noting that even if a Meta AI passenger robot were attacked, users could still use some simple safety options. According to KrebsOnSecurity, hackers reported attacks that could not decipher accounts using multiple identifications, including the “most unsafe MFA method” provided by Instagram, a one-off text message authentication code.
This loophole highlights the broader risk posed by technology companies’ eagerness to deploy higher-authority AI agents who can be modified, created or removed from key data. Meta launched Meta AI’s assistant in March 2026 and promised that it could “provide reliable 7*24 round-the-clock support to almost any problem at any time and place”.
On Monday, Instagram spokesman Andy Stone responded that the issue had now been repaired. It is not clear how many Instagram accounts were improperly accessed.
