Hackers Tricked Meta’s AI Support Bot Into Hijacking Instagram Accounts


Hackers reportedly hijacked several Instagram accounts by tricking Meta’s AI-powered support assistant into helping them add a new email address and reset passwords. The incident exposed the risk of giving AI support tools access to sensitive account recovery actions without stronger identity checks.

TechCrunch reported that Instagram resolved a security issue after attackers appeared to use Meta’s AI support chatbot to gain access to victims’ accounts. The attack did not require stealing the victim’s linked email account, according to the report.

The Verge also reported that the chatbot could be asked to switch the email address linked to a target account. The attacker then received a verification code, sent it back to the chatbot, and used the resulting reset flow to take over the account.

How the Instagram AI support attack worked

The reported attack started with a target username, not stolen login credentials. Attackers focused on high-value Instagram handles, including short usernames and notable accounts that could be sold, defaced, or used for scams.

According to the reporting, attackers used Meta’s AI support assistant and asked it to connect a new email address to the target Instagram account. The chatbot then sent a verification code to the attacker-controlled email address rather than requiring access to the victim’s existing email.

After the attacker returned the code to the chatbot, the flow allowed a password reset. That gave the attacker control of the account and let them lock out the original owner.

Incident detail          Information
Platform                 Instagram
Reported weak point      Meta AI support assistant account recovery flow
Main reported action     Adding a new email address and triggering a password reset
Victim type              High-value handles, public accounts, and regular users
Meta response            Meta said the issue was resolved and impacted accounts were being secured
Technical root cause     Not fully published by Meta

High-value Instagram handles were targeted

The attack did not appear to be a broad spam campaign against random accounts. Reports describe attackers going after accounts with resale value, visibility, or institutional importance.

TechCrunch said compromised accounts included the Obama-era White House Instagram handle and the account of U.S. Space Force Chief Master Sergeant John Bentivegna. Security researcher Jane Manchun Wong also said her Instagram account was taken over.

The Verge reported that the @obamawhitehouse account began posting Iranian propaganda after the takeover and that accounts tied to Sephora and the U.S. Space Force chief master sergeant were also affected, citing earlier reporting from 404 Media.

  • Attackers reportedly targeted short and valuable usernames.
  • Some attackers used VPNs to appear near the target’s region.
  • The attack used the support flow rather than malware or phishing links.
  • Meta said the issue has been fixed.
  • The total number of affected users remains unclear.

Meta had recently promoted AI account recovery tools

The incident follows Meta’s broader push to use AI in support and account recovery. In a December 2025 Meta account support update, the company said it was testing an AI support assistant for instant, personalized help with account recovery, settings, and profile management.

Meta said at the time that its recovery improvements included smarter account recovery flows, trusted device recognition, and better alerts about risky activity. It also said hacked account recovery success had increased in the U.S. and Canada.

The Instagram incident shows the tradeoff. AI support can make recovery faster for real users, but support tools that can change email addresses or trigger password resets need strict guardrails, deterministic authorization checks, and audit trails.

AI support benefit                 Security risk if controls fail
Faster account recovery            Attackers may exploit shortcuts in identity checks
Automated help at scale            Errors can affect many users quickly
Natural language support           Attackers can manipulate the flow with carefully worded prompts
Direct access to support actions   AI agents may perform sensitive changes without enough confirmation

The flaw fits a known AI security risk

The incident also matches a broader class of AI security concerns called excessive agency. The OWASP GenAI Security Project describes excessive agency as a risk where an LLM-based system can perform damaging actions because it has too much functionality, too many permissions, or too much autonomy.

That framework matters here because the danger was not the chatbot’s ability to answer questions. The danger came from the chatbot’s apparent ability to touch sensitive account recovery functions.

If an AI support assistant can call tools that update account email addresses, issue verification codes, or start password resets, those actions need hard policy checks outside the model. A request to add or replace a recovery address should be proven through the channel the account already trusts, such as a code sent to the existing email, and never through the address being added. The model should not decide identity on its own through conversation alone.

Meta says the issue has been resolved

Meta’s communications head Andy Stone said the issue had been resolved and that the company was securing impacted accounts, according to multiple reports. Meta has not published a detailed technical postmortem explaining the exact internal failure.

That leaves some important details open, including how many users were affected, which account protections were bypassed, and whether different two-factor authentication methods changed the outcome.

Still, the incident has already become a warning for companies adding AI to customer support. When AI agents sit in front of account recovery systems, normal support mistakes can become full account takeovers.

What Instagram users should do now

Users cannot directly patch Meta’s support system, but they can reduce account takeover risk. Instagram’s own two-factor authentication help page explains how to enable 2FA through Accounts Center under Password and security.

Authenticator apps and security keys generally offer stronger protection than SMS: both remove the SIM-swap exposure, and security keys also resist phishing of the code itself. Users with valuable handles, verified accounts, or business profiles should also keep their account email private and separate from public contact addresses.

Meta’s Instagram security guidance recommends checking login activity, reviewing profile information, confirming account recovery contact details, and enabling two-factor authentication.

  1. Enable two-factor authentication on Instagram.
  2. Use an authenticator app or security key where available.
  3. Keep the recovery email private and separate from public profiles.
  4. Review login activity in Accounts Center.
  5. Remove devices or sessions you do not recognize.
  6. Generate new backup codes and store them offline.
  7. Do not click unexpected account recovery links in emails or messages.
  8. Check whether the email and phone number on the account remain correct.

Why OG handles remain attractive to attackers

Short Instagram usernames, sometimes called OG handles, can carry high value in underground markets. Their rarity makes them attractive to criminals who resell them or use them for scams, impersonation, and status-driven fraud.

That market creates pressure on any support flow that can change account ownership signals. Even a short-lived support weakness can turn into a wave of targeted account takeovers if attackers can automate or repeat the process.

For creators, brands, executives, and public institutions, an Instagram account can carry reputational and financial value. A takeover can lead to scams, political messages, fake endorsements, or malicious links before the owner regains control.

Companies need stronger controls for AI support agents

The broader lesson goes beyond Instagram. Any company that gives an AI agent permission to change recovery email addresses, reset passwords, issue tokens, close accounts, refund money, or update security settings needs strict access controls outside the language model.

The OWASP excessive agency guidance recommends limiting the functionality, permissions, and autonomy granted to LLM-based systems. Sensitive actions should require narrow permissions, separate verification, rate limits, logging, and human review when risk signals appear.

Meta’s own account recovery announcement emphasized AI-backed support and smarter recovery flows. The Instagram account hijacking reports now show why those systems need red-team testing before they receive access to identity-changing APIs.

  • Do not let AI agents make final identity decisions alone.
  • Require out-of-band verification before changing recovery email addresses.
  • Use deterministic policy checks for password resets and account ownership changes.
  • Limit AI tools to the smallest set of actions needed for support.
  • Log and review high-risk support actions.
  • Rate-limit repeated recovery attempts against valuable or verified accounts.
  • Do not let location signals, which a VPN can spoof, lower recovery friction.
  • Require human review for account recovery requests with unusual risk signals.
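
Both the earlier point about hard policy checks outside the model and the control list above describe the same architecture: a deterministic gateway between the agent's tool calls and the account backend. The following Python sketch is an added example, not Meta's code and not anything the reports describe. The tool names, the `Account` and `Decision` shapes, the session field `vpn_or_geo_mismatch`, the limits, the constructed addresses and the in-memory mail outbox are all assumptions. It sends the verification code for a recovery-email change to the account's existing address only, escalates risk-flagged or high-value requests to a human, rate-limits per target account, requires a fresh owner confirmation before any password reset, and logs every decision. `reported_attack()` replays the flow the reports describe, with the attacker knowing only the username, and `legitimate_owner()` shows the same flow completed by the real owner.

```python
"""Deterministic policy gateway between an LLM support agent and account-recovery tools.
Added example, not Meta's code. Assumed interface: the agent emits tool calls as
{"tool": name, "args": {...}} inside a session that the backend, not the model, has bound
to a target username and risk signals; accounts, mail delivery and the clock are in-memory."""
import hmac
import secrets
import time
from dataclasses import dataclass, field

ALLOWED_TOOLS = {"add_recovery_email", "confirm_challenge", "reset_password"}
MAX_CALLS_PER_HOUR = 3          # per target account, whoever is asking
CODE_TTL = VERIFIED_TTL = 600   # seconds

@dataclass
class Account:
    username: str
    emails: list                                  # existing addresses = the trusted channel
    high_value: bool = False                      # short or notable handle
    pending: dict = field(default_factory=dict)   # challenge_id -> (code, new_email, expires)
    calls: list = field(default_factory=list)     # timestamps of recovery tool calls
    verified_at: float = float("-inf")            # last proof of control via trusted channel

@dataclass
class Decision:
    allowed: bool
    reason: str
    challenge_id: str = ""
    needs_human_review: bool = False

class RecoveryGateway:
    """Identity is decided here from server-side state, never from the conversation."""

    def __init__(self, accounts, now=time.time):
        self.accounts, self.now = accounts, now
        self.outbox = []                          # (to_address, code): stand-in for email delivery
        self.audit = []                           # (time, user, tool, reason, review) for review

    def handle(self, session, call):
        acct, t = self.accounts.get(session["username"]), self.now()
        tool, args = call.get("tool"), call.get("args", {})
        if acct is None or tool not in ALLOWED_TOOLS:
            d = Decision(False, "tool not permitted")
        elif sum(t - c < 3600 for c in acct.calls) >= MAX_CALLS_PER_HOUR:
            d = Decision(False, "rate limited", needs_human_review=True)
        else:
            acct.calls.append(t)
            d = getattr(self, "_" + tool)(acct, args, session)
        self.audit.append((t, session["username"], tool, d.reason, d.needs_human_review))
        return d

    def _add_recovery_email(self, acct, args, session):
        new_email = args.get("new_email", "")
        if session.get("vpn_or_geo_mismatch") or acct.high_value:   # risk never lowers friction
            return Decision(False, "held for human review", needs_human_review=True)
        if not new_email or new_email in acct.emails:
            return Decision(False, "invalid new email")
        code, cid = f"{secrets.randbelow(10**6):06d}", secrets.token_hex(8)
        acct.pending[cid] = (code, new_email, self.now() + CODE_TTL)
        for existing in acct.emails:              # out-of-band proof to the EXISTING channel only
            self.outbox.append((existing, code))
        return Decision(True, "code sent to existing recovery email", challenge_id=cid)

    def _confirm_challenge(self, acct, args, session):
        entry = acct.pending.pop(args.get("challenge_id", ""), None)   # one attempt per challenge
        if entry is None:
            return Decision(False, "unknown challenge")
        expected, new_email, expires = entry
        if self.now() > expires or not hmac.compare_digest(expected, str(args.get("code", ""))):
            return Decision(False, "bad or expired code")
        acct.emails.append(new_email)
        acct.verified_at = self.now()
        return Decision(True, f"{new_email} added after owner confirmation")

    def _reset_password(self, acct, args, session):
        if self.now() - acct.verified_at > VERIFIED_TTL:
            return Decision(False, "reset requires a fresh owner confirmation")
        acct.verified_at = float("-inf")          # single use
        return Decision(True, "reset link sent to existing recovery email")

def reported_attack(now=time.time):
    """Attacker knows only the username and controls attacker@evil.example (constructed)."""
    gw = RecoveryGateway({"victim": Account("victim", ["owner@mail.example"])}, now)
    s = {"username": "victim", "vpn_or_geo_mismatch": False}
    d = gw.handle(s, {"tool": "add_recovery_email", "args": {"new_email": "attacker@evil.example"}})
    attacker_got_code = any(to == "attacker@evil.example" for to, _ in gw.outbox)
    guess = gw.handle(s, {"tool": "confirm_challenge", "args": {"challenge_id": d.challenge_id, "code": "nope"}})
    reset = gw.handle(s, {"tool": "reset_password", "args": {}})
    return attacker_got_code, guess.allowed, reset.allowed     # (False, False, False)

def legitimate_owner(now=time.time):
    """Owner reads the code from the existing inbox (constructed) and completes the flow."""
    gw = RecoveryGateway({"owner": Account("owner", ["owner@mail.example"])}, now)
    s = {"username": "owner", "vpn_or_geo_mismatch": False}
    d = gw.handle(s, {"tool": "add_recovery_email", "args": {"new_email": "backup@mail.example"}})
    code = next(c for to, c in gw.outbox if to == "owner@mail.example")
    ok = gw.handle(s, {"tool": "confirm_challenge", "args": {"challenge_id": d.challenge_id, "code": code}})
    reset = gw.handle(s, {"tool": "reset_password", "args": {}})
    return ok.allowed, reset.allowed, gw.accounts["owner"].emails
```

The gateway never sends anything to the address the agent wants to add until the existing channel has approved the change, which is the single check that removes the reported attack path. The model can phrase the request however it likes, because every decision depends only on server-side state: who the session is bound to, what the trusted channel has confirmed, how many recovery calls the target has seen in the last hour, and which risk flags are set. Calling `reported_attack()` returns `(False, False, False)`; `legitimate_owner()` returns `(True, True, [...])` with the new address appended.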

What to do if your Instagram account was affected

If you were logged out unexpectedly, received password reset emails you did not request, or noticed an email change you did not authorize, act quickly. Open Instagram directly rather than clicking links from messages, then start the account recovery process through the official app or website.

After regaining access, use the Instagram 2FA settings to refresh your authentication method and generate new backup codes. Then review login sessions and remove devices you do not recognize.

Users should also follow Meta’s Instagram security recommendations, including checking emails from Instagram inside the app, keeping recovery details updated, and reviewing login activity after any suspicious event.

FAQ

What happened with Meta’s AI support bot and Instagram accounts?

Hackers reportedly tricked Meta’s AI-powered support assistant into adding attacker-controlled email addresses to some Instagram accounts and then used the resulting reset flow to take over those accounts.

Did attackers need the victim’s Instagram password?

Public reports say the attack did not require the victim’s password or access to the victim’s linked email address. The reported weakness involved the account recovery flow handled through Meta’s AI support assistant.

Did Meta fix the Instagram AI support issue?

Meta’s communications head Andy Stone said the issue had been resolved and that impacted accounts were being secured, according to multiple reports. Meta has not published a full technical postmortem.

Which Instagram accounts were reportedly affected?

Reports named several affected or targeted accounts, including the Obama-era White House handle, Sephora, U.S. Space Force Chief Master Sergeant John Bentivegna, and security researcher Jane Manchun Wong. The full number of affected users remains unclear.

How can Instagram users protect their accounts now?

Users should enable two-factor authentication, use an authenticator app or security key where available, keep their recovery email private, review login activity, remove unknown sessions, and store fresh backup codes offline.

Readers help support VPNCentral. We may get a commission if you buy through our links. Read our disclosure page to find out how you can help VPNCentral sustain the editorial team.
