Hackers asked Meta’s AI chatbot to hand over Instagram accounts, and it complied.
TL;DR: Hackers took control of high-profile Instagram accounts by instructing Meta’s AI support chatbot to change email addresses without verifying identities. Meta claims the issue has been resolved, yet reports of ongoing attacks surfaced after the announcement.
No phishing link. No malware. No SIM swap. Over the weekend, hackers seized high-profile Instagram accounts by using a surprisingly simple method: they asked Meta's AI customer support chatbot to change the email address linked to another person's account. The bot obliged without confirming the identity of the requester, enabling the attacker to reset the password and lock the genuine account owner out.
This method, initially reported by 404 Media, spread across Telegram channels where hackers exchanged tips and began marketing stolen usernames. Compromised accounts included the inactive Obama White House Instagram profile, which was repurposed to post unauthorized AI-generated images, as well as the account of US Space Force chief master sergeant John Bentivegna.
On Monday, Meta spokesperson Andy Stone stated that “the issue that did happen has already been fixed.” However, on Tuesday, additional Instagram users reported losing access to their accounts, and individuals in the same Telegram channels asserted that the exploit remained effective, as reported by TechCrunch.
How the attack occurred
The technique leveraged a flaw in Meta's AI Support Assistant, launched in March 2026, designed to “resolve account issues from start to finish,” including password resets. This chatbot was intended to reduce the need for human support agents in routine account recovery tasks.
An attacker would first identify a target account, typically a short “OG” username valued in underground markets. By using a VPN to mimic the target's likely location, they would chat with the AI support bot and merely claim to be the account owner. The bot would then link the attacker’s email to the target account without requiring any ownership proof.
A human support agent would have confirmed the caller’s identity before making such a change, but the chatbot didn’t. While two-factor authentication might have prevented some hijackings, accounts without it were vulnerable and could be compromised within minutes.
An underground market for stolen usernames
For years, there has been a thriving black market for coveted OG usernames—short, desirable handles claimed by early Instagram users. Previous methods for stealing such accounts demanded a higher level of technical skill: phishing for the victim’s details, bribing telecom agents for SIM swaps, or hacking email accounts.
This attack significantly lowered the barrier to entry. Hackers who shared the method on Telegram were advertising what appeared to be stolen handles for sale, including popular names and country names treated as collectibles in this underground market. According to TechCrunch, sales persisted even after Meta announced a fix.
Meta rushes to inform victims
Meta has started sending password reset emails and security alerts to users whose accounts were compromised. Several victims reported receiving notifications from Instagram indicating that the company had “detected some suspicious activity that suggests your Instagram may have been compromised,” along with instructions for resetting their passwords.
Stone told TechCrunch that on Monday, Meta secured affected accounts before initiating its notification efforts. He did not disclose how many users were impacted. Meta also disputed that the Obama White House account was hacked using this precise method, although it acknowledged that the account had been breached.
The implications of automating trust
This incident reveals a core issue in deploying AI agents with real-world authority. Meta designed its support chatbot to execute tasks that previously required human oversight, but it did so without the verification checks that humans would normally implement.
This is a scenario the industry has encountered before. When account recovery was managed by people, the process was slow and often frustrating, yet it mandated that the requester prove their identity. Automating this process without retaining identity verification transformed a bottleneck into a vulnerability.
The broader insight is not that AI should be barred from managing sensitive account operations, but that authentication remains a challenge no chatbot can circumvent. Meta empowered its AI to grant access, and the hackers simply asked for it.
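The design point above, as an added example that is not Meta's code or anything from the reporting: a server-side gate that sits between a support chatbot and account state, so a sensitive tool call succeeds only with a one-time code sent to the address already on file. All names here (`RecoveryGate`, the tool-call fields, the sample account) are hypothetical.

```python
import hashlib, hmac, secrets, time

SENSITIVE = {"change_email", "reset_password"}   # actions that move account control
TTL = 600                                        # challenge lifetime in seconds

class RecoveryGate:
    """Hypothetical tool layer between a support chatbot and account state."""

    def __init__(self, accounts):
        self.accounts = accounts   # username -> {"email": address on file}
        self.pending = {}          # username -> (sha256 of code, expiry time)
        self.outbox = []           # stands in for mail sent to the address on file

    def start_challenge(self, username, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**8):08d}"
        self.pending[username] = (hashlib.sha256(code.encode()).hexdigest(), now + TTL)
        # The code goes to the existing contact point, never into the chat session.
        self.outbox.append((self.accounts[username]["email"], code))

    def _proven(self, username, code, now):
        if not isinstance(code, str):
            return False           # a claim of ownership in chat is not proof
        digest, expiry = self.pending.pop(username, (None, 0.0))  # one guess per challenge
        if digest is None or now > expiry:
            return False
        return hmac.compare_digest(digest, hashlib.sha256(code.encode()).hexdigest())

    def execute(self, call, now=None):
        """Run a tool call proposed by the model; the model cannot waive the check."""
        now = time.time() if now is None else now
        action, user = call["action"], call["username"]
        if action in SENSITIVE and not self._proven(user, call.get("code"), now):
            return {"ok": False, "reason": "ownership_not_proven"}
        if action == "change_email":
            self.accounts[user]["email"] = call["new_email"]
        return {"ok": True}

def demo():
    # Constructed data: one account and a request that only asserts ownership.
    gate = RecoveryGate({"og": {"email": "owner@example.com"}})
    ask = {"action": "change_email", "username": "og", "new_email": "new@example.net"}
    denied = gate.execute({**ask, "claimed_owner": True})
    gate.start_challenge("og")
    allowed = gate.execute({**ask, "code": gate.outbox[-1][1]})
    return denied, allowed, gate.accounts["og"]["email"]
```

The check lives in the tool layer rather than in the prompt, so nothing said in the conversation can talk the system past it.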
