AI & Tech·3d ago

Meta AI support chatbot tricked into handing over Instagram accounts with a single request

A vulnerability in Meta's AI-powered support assistant allowed attackers to take over high-profile Instagram accounts simply by asking the chatbot to change the associated email address, bypassing passwords and two-factor authentication.

A critical security flaw in Meta's AI support chatbot enabled hackers to hijack dozens of Instagram accounts, including verified profiles: the archived White House page from a former US president's administration, a senior US Space Force commander, and the cosmetics retailer Sephora. The exploit, first reported by 404 Media, required no password or two-factor authentication code from the original owner.

How the exploit worked

Attackers initiated Instagram's account recovery process and contacted the Meta AI support assistant. They requested the bot link a new email address to the target account. The AI complied, sending a verification code to the attacker-controlled email. Once verified, the system issued a password reset link, locking out the legitimate owner. The only technical hurdle was location: the bot checks whether a request originates from the account's familiar region. Hackers circumvented this by using a VPN to spoof their location. In some cases where the bot requested a selfie for verification, attackers used another AI tool to generate a fake image of the supposed account holder.
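As an added illustration (not from the article, and not Meta's code), here is the defender's side of the flow described above: an audit-log check that flags a password-reset link sent to a recovery address linked only minutes earlier, and the cooling-off policy that would refuse such a reset unless the requester proves possession of an existing factor. The event schema, account names, addresses, timestamps and the 24-hour window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit events (hypothetical schema, not Meta's): the first account shows the
# flow the article describes, a support-bot email link immediately followed by a reset
# link to that same new address; the second is an ordinary user-initiated change.
EVENTS = [
    {"ts": "2026-06-01T10:00:00", "acct": "victim_acct", "actor": "ai_support",
     "type": "recovery_email_added", "email": "new-addr@example.net"},
    {"ts": "2026-06-01T10:01:30", "acct": "victim_acct", "actor": "ai_support",
     "type": "email_verified", "email": "new-addr@example.net"},
    {"ts": "2026-06-01T10:02:00", "acct": "victim_acct", "actor": "ai_support",
     "type": "password_reset_sent", "email": "new-addr@example.net"},
    {"ts": "2026-06-01T11:00:00", "acct": "normal_acct", "actor": "user_settings",
     "type": "recovery_email_added", "email": "me2@example.org"},
    {"ts": "2026-06-03T09:00:00", "acct": "normal_acct", "actor": "user_settings",
     "type": "password_reset_sent", "email": "me2@example.org"},
]

COOLING_OFF = timedelta(hours=24)  # assumed policy value, not a Meta setting


def event_time(event):
    return datetime.fromisoformat(event["ts"])


def find_fast_recovery_takeovers(events, window=COOLING_OFF):
    """Detection: flag a reset link sent to a recovery address that was linked less
    than `window` earlier. Returns one record per hit with the gap in minutes."""
    linked_at = {}  # (account, email) -> time that address was added
    hits = []
    for e in sorted(events, key=event_time):
        key = (e["acct"], e["email"])
        if e["type"] == "recovery_email_added":
            linked_at[key] = event_time(e)
        elif e["type"] == "password_reset_sent" and key in linked_at:
            gap = event_time(e) - linked_at[key]
            if gap < window:
                hits.append({"acct": e["acct"], "email": e["email"],
                             "actor": e["actor"], "minutes": gap.total_seconds() / 60})
    return hits


def allow_reset_to_new_address(linked_at, now, existing_factor_proven, window=COOLING_OFF):
    """Prevention: verifying the *new* address proves nothing about who owns the account,
    and location or selfie checks are exactly the bypassable signals the article describes.
    A reset link may go to a freshly linked address only after the cooling-off period, or
    once the requester proves possession of an existing factor (old email/phone, 2FA)."""
    return existing_factor_proven or (now - linked_at) >= window
```

Run against a real event stream, the detector would also want the actor field surfaced in the alert, since an AI agent performing both the link and the reset is the pattern the article reports.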

The dumbest security vulnerability I have ever seen.

Step-by-step tutorials and videos demonstrating the method circulated in Telegram hacking groups over the past weekend. One video shared by cybersecurity researcher Dark Web Informer on X showed the entire process, from searching for a target username to receiving the password reset link.

High-profile targets compromised

Among the compromised accounts was the archived Instagram profile of the White House from Barack Obama's administration, which had been inactive since 2017. After the takeover, the account posted pro-Iranian propaganda. The account of Chief Master Sergeant of the Space Force John F. Bentivegna was also hijacked and used to disseminate pro-Iranian and anti-American content. Bentivegna later warned followers on Facebook not to interact with the posts.

Experiences like this make it clear that cybersecurity is not just a corporate issue, but something we all deal with in our daily lives.

Other victims included the Sephora account, security researcher and former Meta employee Jane Manchun Wong, developer Albert Renshaw, and numerous users with coveted short usernames, which can fetch hundreds of thousands of dollars on the black market. Wong reported that her password was changed without her knowledge and she received multiple unauthorized reset attempts.

My password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. Quite concerning.

Victims locked out with no human recourse

Affected users found themselves in a Kafkaesque loop. The same AI system that facilitated the hijacking was their only available support channel, and it proved incapable of restoring access. One victim, the owner of the @korn account, described spending six hours trying to get help, only to receive four broken links from Meta's support AI. The account had been secured with Meta Verified and a facial recognition scan, neither of which prevented the takeover.

An AI stole my account, another AI can't fix it — zero humans in the loop anywhere.

@korn user on X

Tech author Gergely Orosz noted on X that Meta's trust and safety team at Instagram had been "completely hollowed out" recently, a potential contributing factor. The incident coincides with massive workforce cuts at Meta amid billions of dollars in AI spending.

Meta's response

Meta spokesperson Andy Stone confirmed the issue had been resolved and that the company was securing impacted accounts. He disputed claims that the vulnerability was used to hack accounts of world leaders, calling such reports "totally false." The company had launched the AI support assistant in March, promoting it as a tool that could help prevent account takeovers. An independent EU dispute resolution body noted last week that Meta virtually never responds when it raises cases of users who say they have been wrongly banned.

Timeline of the Meta AI Instagram vulnerability
  1. Meta launches AI-powered support chatbot with account recovery and password reset capabilities
  2. Meta announces expansion of AI support to handle all customer inquiries including sensitive account functions
  3. Tutorials and videos demonstrating the exploit begin circulating in Telegram hacking groups
  4. 404 Media first reports the vulnerability; multiple high-profile account takeovers confirmed
  5. Meta spokesperson Andy Stone confirms the issue is resolved and impacted accounts are being secured