
Meta’s Support Chatbot Opened the Door to Instagram Account Hijacking


What Happened: An AI Support Tool Turned into an Account Takeover Vulnerability

Meta’s AI support chatbot for Instagram was exploited to hijack accounts through the account recovery process. Attackers needed neither the victim’s password nor access to their email: they persuaded the chatbot to change critical contact details and reset credentials on their behalf. At the center of this Meta AI security flaw was its direct link to Instagram account recovery. Attackers opened a chat with the Meta AI Support Assistant and used text prompts to change the email address tied to a target profile. In many reported cases, the chatbot sent verification codes to the attacker’s email instead of the legitimate owner’s mailbox, then offered a password reset option. This turned what should have been a support feature into a chatbot security exploit that made Instagram account hacking far easier than expected, especially for accounts without multi-factor authentication enabled.


How Hackers Bypassed Passwords and Two-Factor Authentication

The attack chain was alarmingly simple even for non-technical attackers. First, hackers used a VPN to spoof their location and avoid automated protections on Instagram accounts. They then started a conversation with Meta’s AI assistant and asked it to add a new email address to the victim’s profile. The assistant sent a verification code to the attacker-controlled email, and once the attacker supplied that code back in the chat, the system provided a button to reset the password. TechCrunch confirmed that the code landed in the attacker’s public email inbox, proving the exploit worked exactly as described. According to Android Authority, some victims like Jane Manchun Wong reported losing accounts even with two-factor authentication enabled, showing that this account takeover vulnerability could bypass standard protections by abusing the automated support workflow rather than attacking the login page itself.

Why Meta’s Initial Patch Failed and the Risk Behind AI-Driven Support

Meta’s spokesperson Andy Stone said the issue was resolved and affected Instagram accounts were being secured, but users and researchers soon reported ongoing hijacks. Developers in communities like Bugify Vault claimed that Meta’s first response did not repair the underlying Meta AI security flaw. Instead, they say the company removed the visible “Get Support” button in the interface while leaving the API endpoints that Meta AI uses for Instagram account recovery accessible in the background. Skilled attackers quickly shifted to Telegram bots and scripts to continue talking to Meta AI without the official UI. This episode highlights a broader risk: when AI systems are wired directly into sensitive account support tools, any prompt weakness becomes a direct path to Instagram account hacking. Without strict guardrails, support chatbots can be tricked into performing actions that a human agent would likely block or escalate.
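The guardrail this paragraph refers to can be shown concretely. The following is an added, constructed illustration (not Meta’s code, and not an account of how Meta’s backend actually works): a support assistant’s “add recovery email” tool in the reported, flawed shape, where the verification code goes to the address the chat just supplied, beside a hardened shape that challenges a channel the account already trusts and escalates when none exists. The `Account`, `OUTBOX` and function names are all assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed stand-in for the mail sender: records the code each mailbox received,
# so a test can play the role of whoever owns that mailbox.
OUTBOX: dict[str, str] = {}


def deliver_code(mailbox: str) -> None:
    OUTBOX[mailbox] = secrets.token_hex(4)


@dataclass
class Account:
    handle: str
    verified_emails: list[str]
    # mailbox that was challenged -> address waiting to be added
    pending: dict[str, str] = field(default_factory=dict)


def request_email_change(acct: Account, new_email: str, hardened: bool) -> str:
    """Start an email change and return the mailbox that receives the code.

    hardened=False mirrors the reported behaviour: the code goes to the address the
    chat just supplied, so whoever typed it can finish the change alone.
    hardened=True challenges a mailbox the account already trusts instead, and
    refuses (escalates) when the account has no trusted channel to challenge."""
    if not hardened:
        challenged = new_email
    elif acct.verified_emails:
        challenged = acct.verified_emails[0]
    else:
        raise PermissionError("no trusted channel; escalate to a human reviewer")
    deliver_code(challenged)
    acct.pending[challenged] = new_email
    return challenged


def confirm_email_change(acct: Account, mailbox: str, code: str) -> bool:
    """Complete the change only with the code that was sent to `mailbox`."""
    expected = OUTBOX.get(mailbox)
    if mailbox not in acct.pending or expected is None:
        return False
    if not hmac.compare_digest(expected, code):  # constant-time comparison
        return False
    acct.verified_emails.append(acct.pending.pop(mailbox))
    OUTBOX.pop(mailbox, None)
    return True
```

In the flawed path the party that supplied `new_email` is also the party that reads the code, which is exactly the condition the article describes; in the hardened path only the existing mailbox owner can complete the change.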

Why Users Are Still Vulnerable and How to Limit the Damage

Reports of new hijacks after Meta’s “fix” suggest that users remain exposed while Meta AI retains backend access to account support tools. Android Authority notes that some high-profile handles and rare usernames are being “sniped” and resold, making anyone with a large following or unique name a prime target. Until Meta fully closes the chatbot security exploit, traditional defenses such as strong passwords and two-factor authentication cannot completely prevent Instagram account hacking when the attack goes through Meta AI instead of the login screen. Users should secure their email accounts, enable two-factor authentication everywhere, and monitor password reset notifications for any unexpected activity. If you receive repeated resets or logouts, act quickly: attempt account recovery via official channels, report the compromise to Instagram, and document the incident. While there is no guaranteed technical shield today, fast reaction can reduce damage and improve your chances of regaining control.
