Instagram has resolved a security issue that allowed several users’ accounts to be compromised after attackers reportedly exploited Meta’s AI-powered support chatbot to gain unauthorized access.

Over the weekend, multiple users on Reddit reported that their Instagram accounts had been hijacked, while similar warnings circulated on X (formerly Twitter) from other affected users describing unexpected account takeovers.

Among the compromised accounts were the Instagram handle linked to the Obama-era White House, which has been inactive since 2017, as well as the account of U.S. Space Force Chief Master Sergeant John Bentivegna.

Security researcher Jane Wong also confirmed that her Instagram account was taken over during the incident, highlighting the scale and technical sophistication of the attack.

“The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” said Wong. “Quite concerning.”

A video posted on X appears to show a step-by-step method for compromising an Instagram account.

In the clip, the attacker allegedly uses a VPN to mask their location and make it appear consistent with the target’s usual login pattern, reportedly helping to bypass Instagram’s automated security checks.

The video then shows the attacker initiating a conversation with Meta’s AI support assistant and requesting that a new email address be added to the victim’s account.

The chatbot is seen sending a verification code to the attacker-provided email, which is then fed back into the system.

After the code is accepted, the chatbot reportedly presents an option to reset the account password.