Meta AI Support Bot Helped Hackers Hijack Instagram Accounts - MacRumors
Skip to Content

Meta AI Support Bot Helped Hackers Hijack Instagram Accounts

by

Meta's AI support assistant has been helping hackers get access to high-profile Instagram accounts, according to reports on social media. With no verification check, ‌Meta‌ AI would change the email address associated with an Instagram account, allowing the password to be updated.

meta ai
‌Meta‌ introduced its AI support assistant back in December with the aim of making it easier for customers to access 24/7 account support. It can be used for reporting scams, getting information on content removal, and resetting passwords. The latter option is what bad actors were able to exploit.

The Instagram vulnerability showed up on social media over the weekend, with demonstrations of the simple steps taken to get access to an account. In one demo, a hacker asks ‌Meta‌'s support bot to change the email address linked to a target Instagram account, and the AI does it without question.

‌Meta‌'s support did not do robust identity verification, and in some cases, it appears it bypassed two-factor authentication. All that was required was a VPN connection set to a location near the target account, which is trivial. ‌Meta‌ appeared to be verifying account ownership based on location. "Our systems recognize the device you usually use and familiar locations better than ever," reads ‌Meta‌'s blog post on its AI support agent. In some cases, users were asked to verify their identity with a selfie, which was bypassed using AI.

For a short period of time, the exploit was available to the public, and account takeovers ramped up. One security researcher said Telegram channels that offer black market Instagram services "made lots of $$$" with ‌Meta‌'s AI. 404 Media said hackers have been aware of the exploit since March.

‌Meta‌ patched the issue over the weekend, and today, ‌Meta‌'s VP of communications Andy Stone said the issue has been fixed. ‌Meta‌ is now "securing impacted accounts."

Information about the Instagram attack vector comes after hackers were able to take over accounts for Sephora, the Chief Master Sergeant of the Space Force, researcher Jane Manchun Wong, developer Albert Renshaw who owned @albert, and the archived Barack Obama White House account. Multiple other users with desirable Instagram handles reported having their accounts taken.

Some users who have had their accounts stolen over the weekend were not able to use the AI to get their accounts back, and there was no option to speak with a human for help.

Tags: Instagram, Meta Guide

Popular Stories

Facebook Feature

Meta Wants You to Pay for Instagram, Facebook, and WhatsApp Now

Wednesday May 27, 2026 12:53 pm PDT by
Meta is rolling out paid Instagram Plus, Facebook Plus, and WhatsApp Plus plans worldwide as of today. Instagram Plus is priced at $3.99 per month, Facebook Plus is priced at $3.99 per month, and WhatsApp Plus is priced at $2.99 per month. According to TechCrunch, the paid plans provide features like profile customization, super reactions, and story insights. Instagram Plus lets users see ...
Read Full Article248 comments
Instagram Feature 1

Instagram Now Lets Users Reorder Posts on Their Profile Grid

Tuesday June 9, 2026 2:51 am PDT by
Instagram is now rolling out a long-awaited feature that lets users rearrange posts in any order on their profile grid. The update, which began reaching users on June 8, is available via the Instagram app for iPhone and Android. To reorder posts, users can go to their profile, long-press any post on the grid, select "reorder grid" from the pop-up menu, then drag content to the desired...
Read Full Article3 comments
Instagram Feature 2

Instagram and WhatsApp Down Today on iPhone [Updated]

Monday June 1, 2026 12:01 am PDT by
Meta platforms including Instagram, WhatsApp, Facebook, and Messenger are currently experiencing issues for some users around the world. Instagram, WhatsApp, Facebook, and Messenger are down or loading intermittently for some users across devices like the iPhone and the web. In addition, some affected users are receiving an unexpected error when attempting to log in. The outages have been ...
Read Full Article5 comments

Top Rated Comments

awshucks Avatar
awshucks
3 weeks ago
Wow. This is such a sorry lack of precaution that even I'm surprised.
Score: 16 Votes (Like | Disagree)
Mr_Brightside_@ Avatar
Mr_Brightside_@
3 weeks ago
You’ve gotta love the VP updating on X.
Score: 12 Votes (Like | Disagree)
teaneedz Avatar
teaneedz
3 weeks ago
hilarious...but is it really unexpected? this is just the tip of the iceberg as more mainstream folks encounter the 'great' AI world we now live in. 🍿
Score: 11 Votes (Like | Disagree)
error Avatar
error
3 weeks ago
This is why everybody loves AI support.
Score: 11 Votes (Like | Disagree)
ikramerica Avatar
ikramerica
3 weeks ago

I suspect a similar exploit works for Facebook, or did for a time. A friend had his account hijacked recently. Apparently the takeover was as simple as changing the associated email address. Now the hacker is in and you are locked out. It took months for him to regain control of the account.
My wife never got hers back. Facebook wouldn’t help and would always send reset requests to both her email and the false email the attacker added so they could block her attempts to get her account back.

She was finally able to get logged in briefly and delete all her data before he blocked her out again.

Facebook’s human based help team not only wasn’t helpful but actively thwarted her attempts to fix things by denying her driver license and other proofs of ID, yet this guy had none of that at his disposal.
Score: 10 Votes (Like | Disagree)
I
infinitedreams
3 weeks ago
It also tells people to factory reset your iPhone if the WhatsApp iPad app crashes.
Score: 10 Votes (Like | Disagree)
Read All Comments