Meta AI recovery tool hijacked via fake selfies and prompt injection

On June 2, 2026, cybercriminals successfully exploited Meta's AI-driven Instagram account recovery tool, leveraging a combination of AI-generated selfie videos and prompt injection techniques to bypass security checks. The attack targeted the system's ability to verify user identities through automated video selfies—normally a robust liveness detection measure. By feeding the AI carefully crafted, synthetic selfie recordings embedded with malicious prompts, attackers tricked the model into approving unauthorized recovery requests for hundreds of valuable Instagram accounts, including several high-profile verified profiles. The prompt injection flaw allowed the hackers to override the intended verification logic, effectively granting them control over the targeted accounts without legitimate credentials.

Meta acknowledged the breach in a brief statement, confirming that the vulnerability has since been fixed. The company did not disclose how long the exploit was active or whether any user data beyond account access was compromised. This incident highlights the growing sophistication of attacks against AI-powered security systems, where adversarial inputs can subvert even well-designed neural networks. For Instagram's 2+ billion users, the episode underscores the fragility of AI-based identity checks when confronted with generative attacks. Security experts recommend enabling two-factor authentication and treating any unsolicited recovery attempts with extreme caution.