Instagram users face new AI-powered cyber threat that can expose their passwords
Hackers have already compromised Instagram accounts of Sephora and the US Space Force
Cybersecurity experts have raised the alarm about a sophisticated new form of AI-driven attack targeting Instagram users, warning that it poses a serious risk to account security and personal privacy.
Researchers have found that AI models and large language models (LLMs) — including Meta's own AI chatbot — can be weaponised by malicious actors to seize control of accounts and extract passwords.
The method being deployed is known as "prompt injection," a technique that manipulates the behaviour of AI systems by feeding them carefully crafted instructions.
How the attack works
Using this technique, cybercriminals have found a way to trick the Meta AI chatbot into revealing passwords by circumventing its built-in safety guardrails.
The method relies on a broader strategy known as "social engineering" and has been captured in a video that has since circulated widely across social media platforms.
In practice, the attacker instructs Meta AI to reset the password on a targeted account and directs it to dispatch a verification code to a new email address.
This is achieved by persuading the chatbot to adopt a persona generated through third-party tools.
Once the attacker has verified their identity through this process, they are then able to alter the account's verification email address, effectively locking out the legitimate owner.
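An added example, not taken from the article or from Meta: one way to stop an assistant from completing the flow described above is to authorize each action it proposes against server-side account state, never against anything said in the chat. The tool names, account fields and sample addresses below are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:  # hypothetical server-side account record
    username: str
    verified_contacts: set  # addresses the owner verified before this session

@dataclass
class ToolCall:  # an action the assistant proposes; names are assumptions
    name: str
    account: str
    args: dict = field(default_factory=dict)

SENSITIVE = {"send_reset_code", "change_recovery_email"}

def authorize(call, accounts, session_user, step_up_ok=False):
    """Decide a model-proposed tool call from server-side state only.
    Personas or identity claims in the conversation are never an input."""
    if call.name not in SENSITIVE:
        return True, "not sensitive"
    acct = accounts.get(call.account)
    if acct is None:
        return False, "unknown account"
    if call.name == "send_reset_code":
        # A reset code may only go to a contact already on file.
        dest = call.args.get("destination", "").strip().lower()
        if dest not in acct.verified_contacts:
            return False, "destination not on file"
        return True, "code sent to contact on file"
    # change_recovery_email: needs the logged-in owner plus a step-up check
    if session_user != call.account:
        return False, "session does not own account"
    if not step_up_ok:
        return False, "step-up verification required"
    return True, "owner verified"

# Constructed sample data
ACCOUNTS = {"brand_official": Account("brand_official", {"owner@example.com"})}

def demo():
    calls = [
        ToolCall("send_reset_code", "brand_official", {"destination": "new-addr@example.net"}),
        ToolCall("send_reset_code", "brand_official", {"destination": "owner@example.com"}),
        ToolCall("change_recovery_email", "brand_official", {"new_email": "new-addr@example.net"}),
    ]
    return [authorize(c, ACCOUNTS, session_user=None) for c in calls]

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

Denied sensitive calls are also worth logging, since repeated "destination not on file" results against one account are a useful detection signal.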
High-profile accounts already compromised
A series of troubling incidents has emerged in recent days, with a number of prominent Instagram accounts confirmed to have been breached.
Among those affected were the account belonging to the Chief Master Sergeant of the US Space Force, the official account of beauty giant Sephora, and a former White House account.
Meta responds to the security breach
Meta issued a statement on Monday addressing the vulnerability: "This issue has been resolved, and we are securing impacted accounts."
The company did not disclose how many accounts had been affected in total.
Public reaction and wider concerns
The revelation has prompted considerable alarm amongst social media users, many of whom took to X to voice their unease about the broader implications of AI being integrated into major platforms.
"Just wait until those same social media companies have your passport and identification," one user wrote. Another commented: "AI can cause more harm than good if not properly managed and restricted."