Incident · curated 27 Jun 2026
First reported 1 Jun 2026 · 25d ago
Single-source incident — first reported, latest, and curated coincide.
Attackers used prompt injection against Meta's AI support assistant on Instagram, sending crafted messages instructing it to link an attacker-controlled email to a target account, causing the AI to send password reset links to the attacker and bypassing 2FA. The exploit was reportedly active in the wild for months, compromising thousands of accounts including a dormant Obama White House account before being patched.
Why it matters
It shows that AI agents with account-modifying privileges can be socially engineered via prompt injection to bypass authentication controls and hand over accounts at scale.