Meta's AI Support Bot Made Instagram Account Takeovers Trivial

Key Takeaways

- Hackers exploited Meta's AI support chatbot to take over Instagram accounts by requesting email changes through the bot
- The vulnerability bypassed two-factor authentication and required only VPN location spoofing to work
- High-profile accounts including the Obama White House, Sephora, and a Space Force official were compromised
AI Support Tool Became a Hacker's Best Friend
When Meta launched its AI support assistant in December 2025, the company promised it would make account recovery "faster and simpler." The company delivered on that promise. Just not in the way anyone wanted.
Security researchers flagged over the weekend that hackers had been using Meta's AI chatbot to steal Instagram accounts. The method was alarmingly simple: ask the bot to change the email address linked to a target account, then request a password reset. That's it. Even accounts protected by two-factor authentication fell to this approach.
“The tool was designed to make recovery 'faster and simpler,' but instead it just made it faster and simpler for the wrong people.”
— Tech Security Analyst via 404 Media
Screenshots and videos showing the takeovers in action circulated on Telegram, where users had apparently been discussing the vulnerability since March. That's three months of exposure before Meta addressed the issue.
How the Exploit Worked
The AI chatbot used the requester's apparent physical location as an identity signal. Meta had built this as a security feature. In its December announcement, Meta wrote: "Our systems recognize the device you usually use and familiar locations better than ever."
Hackers turned this feature into a weakness. The bot's idea of "location" comes from the client's IP address, so a VPN exit in the account holder's region was enough to make the attacker look like the legitimate owner. The bot would then process email change requests without any stronger verification, such as a one-time code sent to the existing email address or to the enrolled 2FA device.
The exploit worked because the AI chatbot had authority to make account changes but no gate that would force a sensitive request back through strong verification. A human support agent might hesitate when someone asks to change an account's primary email. The AI just did what it was asked.
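To make the design flaw concrete, here is an added illustration; it is not Meta's code, and the account model, policy functions and sample values are hypothetical. It contrasts a recovery-email change gated only on a location match (the pattern described above, where a VPN satisfies the check and the attacker's password reset then lands in their own inbox) with a hardened policy in which location is only a risk signal: the change needs a live 2FA code, and even then it sits in a hold period during which reset mail still goes to the old address.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of an account and a support-bot "change email" request.
# Not Meta's code: an added illustration of the two policies described above.

HOLD_SECONDS = 48 * 3600  # recovery-email changes stay pending this long


@dataclass
class Account:
    handle: str
    email: str                 # where password-reset mail is delivered
    home_country: str          # "familiar location" learned from past logins
    totp_secret: bytes         # 2FA is enrolled on this account
    pending_email: Optional[str] = None
    pending_until: int = 0


@dataclass
class ChangeEmailRequest:
    new_email: str
    client_country: str        # geo-IP of the requester; a VPN sets this freely
    totp_code: Optional[str] = None


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step) for the given Unix time."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(secret: bytes, code: str, now: int) -> bool:
    """Accept the current step and one step either side to absorb clock skew."""
    return any(hmac.compare_digest(totp(secret, now + d), code)
               for d in (-30, 0, 30))


def change_email_location_only(acct: Account, req: ChangeEmailRequest) -> str:
    """Weak policy: a matching location is treated as proof of ownership."""
    if req.client_country != acct.home_country:
        return "denied: unfamiliar location"
    acct.email = req.new_email           # takes effect immediately; 2FA never consulted
    return "changed"


def change_email_step_up(acct: Account, req: ChangeEmailRequest, now: int) -> str:
    """Hardened policy: location is at most a risk signal, never an authenticator.
    Changing where resets are delivered requires a live 2FA code, and the change
    only takes effect after a hold during which resets still go to the old
    address, giving the real owner time to notice and revert."""
    if not req.totp_code or not verify_totp(acct.totp_secret, req.totp_code, now):
        return "denied: step-up 2FA required"
    acct.pending_email = req.new_email
    acct.pending_until = now + HOLD_SECONDS
    return "pending"


def password_reset_destination(acct: Account, now: int) -> str:
    """Address a password-reset link would be sent to at time `now`."""
    if acct.pending_email and now >= acct.pending_until:
        acct.email, acct.pending_email = acct.pending_email, None
    return acct.email


def simulate() -> dict:
    """Run the attacker and the real owner against both policies (constructed data)."""
    secret = b"constructed-demo-secret-2fa"
    now = 1_750_000_000
    # Attacker knows nothing but the target's home country and uses a VPN exit there.
    attacker = ChangeEmailRequest("attacker@example.net", client_country="US")

    weak = Account("victim", "owner@example.org", "US", secret)
    weak_result = change_email_location_only(weak, attacker)

    strong = Account("victim", "owner@example.org", "US", secret)
    strong_result = change_email_step_up(strong, attacker, now)

    # The real owner has the 2FA secret and can produce a valid code.
    owner = ChangeEmailRequest("new@example.org", "US", totp_code=totp(secret, now))
    owner_result = change_email_step_up(strong, owner, now)

    return {
        "weak_policy": weak_result,
        "weak_reset_goes_to": password_reset_destination(weak, now),
        "strong_policy_attacker": strong_result,
        "strong_policy_owner": owner_result,
        "strong_reset_during_hold": password_reset_destination(strong, now + 3600),
        "strong_reset_after_hold": password_reset_destination(strong, now + HOLD_SECONDS),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Under the weak policy the attacker's request is accepted and the very next password reset is delivered to the attacker's address, which is the 2FA bypass the article describes. Under the hardened policy the same request is refused outright, and a genuine change still cannot redirect reset mail until the hold expires, so the owner's old inbox keeps receiving the alerts that would reveal the attempt.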
High-Profile Victims
The timing of Meta's patch coincides with a wave of high-profile account compromises. The Obama White House Instagram account, dormant since 2017, suddenly posted an AI-generated image with text translating to "the White House is under Shiites' control," according to TMZ. Meta confirmed the hack but provided no details on how it happened or who was responsible.
Other potential victims include beauty retailer Sephora and a high-ranking Space Force official, according to 404 Media. The common thread: valuable accounts that would be prime targets for hackers seeking either financial gain or political impact.
Meta's Response
Meta VP of Communications Andy Stone posted on X that the company had resolved the issue. "This issue has been resolved and we are securing impacted accounts," Stone wrote. The company hasn't disclosed how many accounts were affected or why the AI support tool had such a fundamental security gap.
“We are aware of the issue and have patched the vulnerability; we are currently in the process of identifying and restoring the affected accounts.”
— Andy Stone, VP of Communications at Meta
The silence on root cause is notable. Meta cut roughly 8,000 employees from its integrity and cybersecurity divisions in early 2026, leaving support operations heavily reliant on AI automation. Whether that staffing decision contributed to this vulnerability remains an open question Meta hasn't answered.
The Automation Risk
This incident highlights a core tension in AI-powered customer support. Companies want to reduce costs and speed up response times. AI chatbots deliver both. But when those bots have real authority over account settings, they become attack vectors.
The community reaction on Hacker News and Reddit has been pointed. Users noted the dangerous irony: Meta prioritized AI automation over basic account security protocols. When the AI bot is the only point of contact for support, there's no human to escalate to during a crisis. No one to say, "Wait, this seems suspicious."
For companies considering similar automation, this is a case study in what happens when you give AI authority without adequate safeguards. The question isn't whether AI can handle support tasks. It's whether your AI can recognize when it's being manipulated.
Frequently Asked Questions
How did hackers bypass Instagram's two-factor authentication?
The AI support chatbot had authority to change account email addresses, and it did so without asking for a 2FA code. Once attackers had swapped in an address they controlled, they requested a password reset; the reset link went to that address, so the second factor was never consulted at any point in the chain.
Is the Meta AI support exploit still active?
Meta says the vulnerability has been patched and the company is working to secure affected accounts. However, the company hasn't disclosed the full scope of compromised accounts.
How can I check if my Instagram account was affected?
Review your Instagram security settings for any email or phone number you did not add, and confirm that two-factor authentication is still enabled. Check your login activity for unfamiliar devices or locations and log those sessions out. If you notice anything suspicious, change your password immediately and revert any contact details you did not set.
How long was this vulnerability exploitable?
According to 404 Media, users on Telegram had been discussing the vulnerability since March 2026. Meta didn't patch it until June, meaning the exploit was potentially usable for about three months.
What accounts were compromised in the Meta AI hack?
Confirmed victims include the Obama White House Instagram account. Potential victims include beauty retailer Sephora and a high-ranking Space Force official, according to 404 Media.
Source: Engadget
Huma Shazia
Senior AI & Tech Writer