Hackers asked Meta’s AI chatbot to release Instagram accounts, and it complied.
TL;DR: Hackers gained control of prominent Instagram accounts by asking Meta's AI support chatbot to change account email addresses, which it did without verifying identities. Meta claims the issue is resolved, yet attacks reportedly persisted after the announcement.
No phishing links. No malware. No SIM swaps. Over the weekend, hackers seized high-profile Instagram accounts using a surprisingly straightforward method: they asked Meta’s AI customer support chatbot to modify the email address on another user’s account. The bot complied without confirming the requester's identity, allowing the attacker to reset the password and lock out the genuine account owner.
This technique, first highlighted by 404 Media, circulated in Telegram groups where hackers shared the method and began promoting stolen handles for sale. Compromised accounts included the inactive Obama White House Instagram profile, which was used to share unauthorized AI-generated images, as well as the account of US Space Force Chief Master Sergeant John Bentivegna.
According to Meta spokesperson Andy Stone, “the issue that did occur has already been rectified.” However, on Tuesday, additional Instagram users reported losing access to their accounts, with some members in the same Telegram groups asserting that the exploit was still functional, TechCrunch reported.
How the attack functioned
The attack exploited a flaw in Meta’s AI Support Assistant, introduced in March 2026, which aimed to “resolve account issues from start to finish,” including password resets. The chatbot was intended to replace human support agents for routine account recovery tasks.
The attacker would identify a target account, generally a valuable short “OG” username. They would use a VPN to disguise their location, engage with the AI support bot, and simply assert they were the account owner. The bot would then associate the attacker’s email address with the target account without requiring any ownership verification.
A human support agent would have authenticated the caller’s identity before allowing such a change, but the chatbot did not. While two-factor authentication might have prevented some takeovers, accounts without it were at risk of being compromised within minutes.
An underground market for stolen handles
For years, a thriving underground market has existed for "OG" usernames: short, coveted handles claimed by Instagram’s earliest users. Prior methods of stealing these accounts required technical expertise, such as phishing victims, bribing telecom insiders for SIM swaps, or hacking email accounts.
This new attack significantly lowered the barrier to entry. Hackers sharing the technique on Telegram promoted stolen handles for sale, which included common first names and country names that serve as collectibles in this grey market. TechCrunch reported that sales continued even after Meta’s announced fix.
Meta rushes to inform victims
Meta has been dispatching password reset emails and security alerts to users whose accounts were affected. Several victims noted receiving notifications from Instagram warning that the company had “detected some suspicious activity indicating your Instagram may have been compromised,” along with instructions for resetting their passwords.
Stone told TechCrunch that Meta secured impacted accounts on Monday before starting its notification efforts. He did not disclose how many users were affected. Meta also disputed that the Obama White House account was compromised by this specific method, although it acknowledged that the account was hacked.
The risks of automating trust
This incident underscores a critical dilemma in deploying AI agents with real-world authority. Meta designed its support chatbot to perform actions that previously necessitated human involvement, but implemented this capability without the verification checks that human agents customarily employed.
The industry has encountered similar patterns before. When Instagram account recovery was under human management, the process was often slow and frustrating, but it at least required the requester to prove their identity. Automating that process without retaining the identity-verification step transformed a bottleneck into a vulnerability.
The wider lesson is not that AI should never engage in sensitive account operations, but rather that authentication remains a challenge no chatbot can bypass. Meta granted its AI the authority to hand over access. The hackers simply approached and requested it.
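The missing control described above can be sketched as follows. This is an added example, not Meta's code or anything from the reporting: the names OwnershipVerifier, SupportTools and the action names are hypothetical, and the challenge code is returned directly only as a stand-in for delivery to the contact already on file. The point it shows is that the tool layer, not the conversation, decides whether a sensitive action runs.

```python
import hmac, secrets, time

SENSITIVE_ACTIONS = {"change_email", "reset_password"}

class OwnershipVerifier:
    """Out-of-band proof of ownership, tracked server-side per (session, account)."""
    def __init__(self, ttl=300):
        self.ttl, self._codes, self._verified = ttl, {}, {}

    def send_challenge(self, session, account):
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[(session, account)] = (code, time.time() + self.ttl)
        return code  # stand-in for delivery to the contact already on file

    def submit_code(self, session, account, code):
        # pop() makes each challenge single-use, so a wrong guess burns it
        expected, expiry = self._codes.pop((session, account), ("", 0.0))
        ok = (bool(expected) and time.time() <= expiry
              and hmac.compare_digest(expected.encode(), code.encode()))
        if ok:
            self._verified[(session, account)] = time.time() + self.ttl
        return ok

    def is_verified(self, session, account):
        return time.time() <= self._verified.get((session, account), 0.0)

class SupportTools:
    """Tool layer the chatbot calls; authorization is enforced here, not in the prompt."""
    def __init__(self, verifier, emails):
        self.verifier, self.emails, self.audit = verifier, emails, []

    def call(self, session, action, account, **args):
        if action in SENSITIVE_ACTIONS and not self.verifier.is_verified(session, account):
            self.audit.append((session, action, account, "denied"))
            return "denied: ownership not verified"
        if action == "change_email":
            self.emails[account] = args["new_email"]
        self.audit.append((session, action, account, "allowed"))
        return "ok"

def demo():
    emails = {"og_handle": "owner@example.com"}  # constructed sample data
    tools = SupportTools(OwnershipVerifier(), emails)
    # Session that only asserted ownership in chat: the claim grants nothing.
    r1 = tools.call("s1", "change_email", "og_handle", new_email="x@example.net")
    # Session that completes the challenge before the tool call.
    code = tools.verifier.send_challenge("s2", "og_handle")
    tools.verifier.submit_code("s2", "og_handle", code)
    r2 = tools.call("s2", "change_email", "og_handle", new_email="new@example.com")
    return r1, r2, emails["og_handle"]
```

Because verification state is keyed to the session and the account, proving ownership in one conversation does not authorize a change requested from another.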
