Hacking Meta’s AI Chatbot
Summary
Hackers discovered a way to take over Instagram accounts by tricking Meta's AI support chatbot into resetting passwords for accounts that weren't theirs. The attacker would use a VPN (a tool that masks your location) to hide their location, then convince the chatbot to send a password reset code to an email address they controlled, allowing them to take over the victim's account. Meta said the specific exploit was fixed, but security experts warned that chatbots are fundamentally unreliable for account security tasks.
Solution / Mitigation
Instagram spokesperson Andy Stone stated that 'the issue was now fixed' on Monday.
Classification
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2026-24747: PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `wei
Original source: https://www.schneier.com/blog/archives/2026/06/hacking-metas-ai-chatbot.html
First tracked: June 4, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%