Bottom line: Hackers compromised Instagram profiles through targeted manipulation of Meta’s AI-powered support system and fraudulent identity verification videos. The attackers used prompt-injection techniques against the internal language model and generated deepfake selfies to circumvent automated security mechanisms.
Hackers have taken over Instagram profiles by exploiting Meta’s AI-driven support system and using fabricated identity verification videos. The attackers leveraged prompt-injection techniques against the internal language model and generated deepfake selfies to bypass automated security safeguards.
A coordinated wave of attacks targets rare Instagram usernames and high-profile government accounts. Victims include OG handles (extremely short usernames) that command six-figure values on the black market, as well as official profiles such as that of U.S. Space Force Chief Master Sergeant John F. Bentivegna and a historical government account from the Obama era. Security researcher Jane Manchun Wong confirmed temporary access loss and reported unauthorized password changes and repeated logoffs. The compromised accounts are reportedly offered for sale on encrypted Telegram channels immediately after being accessed.
The attack method combines two attack vectors: First, hackers exploited a vulnerability in the large language model that Meta uses to process support requests. Through prompt injection – targeted text inputs designed to manipulate internal security instructions – they fed the AI system malicious commands. This system has elevated privileges for password changes, email link management, and independent identity validation. The attackers executed a confused-deputy attack, in which a trusted system with privileged rights is induced to perform unauthorized actions. Because language models rely on semantic understanding rather than classical code interfaces, the manipulation largely evades automated filtering systems.
For the second stage of the attack, hackers employed generative AI video tools. Meta’s automated account recovery typically requires uploading a selfie video with predefined head movements. The attackers obtained publicly available portrait photos from the target accounts and converted them into deceptively authentic animated video sequences using AI video generators. Additionally, they configured their virtual private networks so that IP addresses matched the geographic locations the victims had registered in their profiles. The automated verification system classified the deepfakes as legitimate.
For CISOs, this attack sends a dual warning: the reliance on large language models in security-critical workflows – particularly for authentication and account control – demands specialized defense mechanisms against prompt-injection techniques. At the same time, the attack demonstrates that biometric safeguards such as video selfies are vulnerable to sophisticated deepfake technology. The combination of both attack vectors highlights a critical governance gap: automated support systems should not have direct permissions for account recovery but should be required to escalate to authenticated staff members.
Source: www.it-daily.net · Published June 2, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.