Hackers Hijacked Celebrity Instagram Accounts by Simply Asking Meta's AI Chatbot for Help

Hackers took over Instagram accounts by asking Meta's AI support chatbot to switch the email associated with someone else's profile and then reset the password, according to a video shared on Telegram and reported by 404 Media. The chatbot complied without requiring proper authentication, bypassing security measures that should have protected account ownership. Meta spokesperson Andy Stone confirmed on X that the issue has since been patched, though the company did not disclose when the vulnerability was introduced or how many accounts were affected.

The simplicity of the attack stood out to security researchers. Rather than exploiting complex technical vulnerabilities, hackers used social engineering against an AI system designed to help users recover access to their accounts. This represented a novel attack vector where the support infrastructure itself became the weakest link.

The attackers focused on particularly valuable Instagram handles with short, desirable usernames. According to cybersecurity blog CyberSec Guru, accounts including @hey and @jowo were targeted, with a combined gray-market valuation estimated above $1 million. Security researchers ZachXBT and Dark Web Informer confirmed that hackers had targeted and resold these accounts before Meta intervened.

Such accounts hold value even when controlled for brief periods because of clout, resale potential, or brand impersonation opportunities, CyberSec Guru reported. The concentrated value of rare handles created strong incentives for attackers to find and exploit any available weakness in Meta's account recovery systems. The incident highlighted how platform features designed for legitimate user convenience can become attack surfaces when insufficient safeguards exist.

Meta moved to patch the vulnerability after public disclosure, though the company provided limited details about the scope or duration of the exposure. The incident raised questions about how thoroughly Meta tested its AI support systems against adversarial prompts before deployment. Krebs on Security noted the broader pattern of AI-powered support tools being manipulated by sophisticated attackers who understand how to frame requests to bypass intended restrictions.

The speed of Meta's response suggested internal urgency, but also that the company may not have identified the vulnerability through its own security testing. The reliance on external researchers and journalists to surface the flaw pointed to potential gaps in red-teaming procedures for customer-facing AI systems.

The incident exposed a fundamental tension in deploying AI for sensitive account management tasks. Systems designed to be helpful and reduce friction for legitimate users become exploitable when they lack the judgment to distinguish between authorized and unauthorized requests. According to TechRadar, the flaw allowed Meta's AI support bot to hand out password reset links without completing two-factor authentication, a critical security layer that should have blocked unauthorized access.

This vulnerability emerged as companies increasingly replace human support staff with AI systems that can be scaled more cheaply but may lack the contextual understanding to resist manipulation. The Meta case demonstrated that attackers can weaponize the very helpfulness that makes AI support attractive to businesses, turning customer service efficiency into a security liability.

The attack pattern carries lessons beyond Meta's specific implementation. Platforms deploying AI for account recovery must now consider whether their systems can distinguish between genuine user distress and calculated social engineering. According to Dark Web Informer's reporting, the Telegram video showed the exploit working in real time, suggesting the vulnerability was reproducible and accessible to attackers without specialized technical skills.

As AI systems take on more security-critical functions, the industry faces pressure to develop better prompt injection defenses and contextual authentication that adapts to risk signals rather than following rigid scripts. Meta's patch addressed this specific exploit, but the underlying challenge of securing helpful AI against determined adversaries remains unresolved across the technology sector.

Users with high-value or high-visibility Instagram accounts should review recent login activity and email change notifications, as the window of exposure before patching remains unclear. Meta has not announced whether it will notify specific users who may have been targeted. For the broader industry, this incident serves as a case study that will likely influence how platforms authenticate users during AI-mediated support interactions.

Security researchers expect copycat attempts against other companies' AI support tools, particularly those handling password resets or email changes. The economics of rare social media handles create persistent incentives for attackers, meaning platforms must treat AI support security with the same rigor applied to traditional authentication systems.