Hackers used Meta’s AI-powered support chatbot to infiltrate high-profile Instagram accounts, the company has confirmed, saying it resolved the problem after researchers exposed it.
The targets ranged from Barack Obama’s White House account to the beauty retailer Sephora and the US Space Force chief master sergeant, John Bentivegna, according to reporting from 404 Media. Everyday users complained of similar hijackings on Reddit and X over the weekend.
Security researchers and hacking groups posted videos and screenshots of how to steal an account on Telegram, and a video shared on X appears to show a hacker telling Meta’s AI assistant to link the account to a new email address. The bot assures the hacker that a verification code has been sent to that new email and asks the hacker to enter the code in the chat interface. Once the hacker pastes the correct code, they are shown a button to reset the targeted account’s password.
In at least one video, the hacker used a virtual private network to spoof the account holder’s location and avoid Meta’s safeguards.
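As an added illustration (not Meta’s code; all names are hypothetical), the following Python policy gate shows the check that the flow above lacked: a code sent to the newly requested address proves control of that address, not ownership of the account, so a support assistant’s account-changing actions should only be authorised by an email or MFA factor that was already on the account, and location signals should not be treated as proof.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    user: str
    emails: set[str]            # contacts verified before this support session
    mfa_enrolled: bool = False

@dataclass
class Session:
    account: Account
    proven: set[str] = field(default_factory=set)  # channels verified this session
    geo_matches_profile: bool = True  # hint only; a VPN defeats it (see above)

SENSITIVE_ACTIONS = {"link_email", "reset_password"}

def trusted_factors(account: Account) -> set[str]:
    """Factors that existed before this request; a newly requested email never qualifies."""
    factors = set(account.emails)
    if account.mfa_enrolled:
        factors.add("mfa")
    return factors

def submit_code(session: Session, channel: str) -> None:
    """The requester entered a correct one-time code that was sent to `channel`."""
    session.proven.add(channel)

def authorize(session: Session, action: str) -> tuple[bool, str]:
    """Gate a tool call from the assistant. Location is deliberately not consulted."""
    if action not in SENSITIVE_ACTIONS:
        return True, f"{action} allowed: not sensitive"
    if session.proven & trusted_factors(session.account):
        return True, f"{action} allowed: pre-existing factor verified"
    return False, f"{action} denied: only pre-existing factors prove ownership"

def replay_reported_flow() -> tuple[bool, bool, bool]:
    """Constructed scenario modelled on the reported videos."""
    acct = Account("victim", {"owner@example.com"})
    attacker = Session(acct, geo_matches_profile=True)   # location spoofed via VPN
    submit_code(attacker, "attacker@example.net")        # code went to the NEW address
    link_ok, _ = authorize(attacker, "link_email")
    reset_ok, _ = authorize(attacker, "reset_password")
    owner = Session(acct)
    submit_code(owner, "owner@example.com")              # code went to the existing address
    owner_ok, _ = authorize(owner, "reset_password")
    return link_ok, reset_ok, owner_ok
```

With this gate the attacker’s session is refused both the email change and the reset, while the genuine owner, who verified the pre-existing address, is allowed through.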
Meta said in a statement on Monday: “This issue has been resolved, and we are securing impacted accounts.” It is unclear how many accounts were affected.
The breach raises concerns about just how safe it is to rely on AI for essential security measures such as passwords. Stolen account handles were listed for sale on the Telegram messaging platform, according to reports.
Meta, which is rapidly reorganising its workers’ jobs around AI and increasing the use of AI features in its platforms, rolled out the AI support assistant globally on Facebook and Instagram earlier this year. The press release for the new feature said it could “take action for you on a growing set of requests directly within Facebook and in the future, on Instagram”.
The list of actions included reporting scams, impersonation accounts or problematic content, as well as resetting passwords. “The Meta AI support assistant is a major step in our work to deliver stronger support on our apps,” the March press release said.
Meta has become a major investor in AI under the leadership of its founder, Mark Zuckerberg, who has ordered a $145bn (£108bn) spend on AI infrastructure, including datacentres, this year.
The company has been developing a series of large language models – the technology that underpins tools such as chatbots – to power its products. Zuckerberg is also pursuing a goal of AI “super-intelligence”, the term for models that are superior to humans at every cognitive task.
Meta’s vision for tasks that can be carried out by its chatbots extends into mental healthcare. Zuckerberg said last year that AI assistants could be used as a replacement for human therapists. “For people who don’t have a person who’s a therapist, I think everyone will have an AI,” he said.
His remarks drew concern from mental health clinicians who said chatbots might recommend courses of action that were inappropriate.
Aiden Sinnott, a principal threat researcher at the cybersecurity firm Sophos, said the Meta incident was a form of “prompt injection” attack in which attackers manipulate AI chatbots into carrying out malicious actions.
“This type of attack will become increasingly common as more online services deploy these chat bots, often without adequate protections in place,” he said.