Hackers Took Over Instagram Accounts by Asking Meta’s AI Support Bot to Change the Email on File

Hackers seized control of multiple Instagram accounts over the weekend by instructing Meta’s AI support assistant to link an attacker-controlled email address to a target account, then resetting the password from there.

404 Media first reported the exploit, and TechCrunch verified that the attacker’s mailbox received the verification code the bot sent.

The attackers never needed the victim’s real email. A hacker switched on a VPN to place themselves in the target’s home region, which slipped them past Instagram’s automated location checks.

They then opened a chat with the Meta AI Support Assistant and asked it to add a new email address to the target’s account. The bot sent a verification code to that attacker email, accepted the code back, and offered a “Reset Password” button.

From there the hacker set a new password and locked the owner out. Engadget reported the method worked even on accounts protected by two-factor authentication, because changing the email sidestepped the second factor entirely.
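The flow described above, as an added illustration rather than Meta's code: a toy support assistant whose weak mode reproduces the reported check (prove control of the new address, then offer a password reset) beside a strict mode that also demands a code delivered to an address the account already trusts before it binds anything. The account names, addresses, region check and in-memory inbox delivery are all constructed for the example.

```python
# Added illustration, not Meta's code. Models why "verify the NEW email, then
# offer a reset" lets anyone who controls a fresh mailbox take over an account,
# and what the step-up check that blocks it looks like.
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    username: str
    emails: list            # contact addresses already on file
    home_region: str        # the only barrier besides the new email in the weak flow
    password: str = "hunter2"


INBOXES: dict = {}          # constructed mail delivery: address -> list of codes received


def deliver_code(address: str) -> str:
    code = f"{secrets.randbelow(10**6):06d}"
    INBOXES.setdefault(address, []).append(code)
    return code


class SupportAssistant:
    """strict=False reproduces the reported behaviour; strict=True is the hardened flow."""

    def __init__(self, account: Account, strict: bool):
        self.account = account
        self.strict = strict
        self.pending_new: dict = {}      # new address -> code sent to it
        self.pending_stepup: dict = {}   # existing address -> step-up code sent to it
        self.reset_offered = False

    def request_add_email(self, session_region: str, new_email: str) -> str:
        # A VPN exit in the target's home region satisfies this check.
        if session_region != self.account.home_region:
            return "denied: unusual location"
        self.pending_new[new_email] = deliver_code(new_email)
        if self.strict:
            # Step-up code goes to an address the account ALREADY trusts; an
            # attacker who only controls the new address cannot read it.
            for existing in self.account.emails:
                self.pending_stepup[existing] = deliver_code(existing)
        return "verification code sent"

    def confirm_add_email(self, new_email: str, new_code: str,
                          stepup_code: Optional[str] = None) -> str:
        expected = self.pending_new.pop(new_email, None)
        if expected is None or not hmac.compare_digest(expected, new_code):
            return "denied: bad code"
        if self.strict:
            ok = any(hmac.compare_digest(c, stepup_code or "")
                     for c in self.pending_stepup.values())
            self.pending_stepup.clear()
            if not ok:
                return "denied: no proof of control over an existing contact"
        self.account.emails.append(new_email)
        self.reset_offered = True        # the "Reset Password" button from the report
        return "email added"

    def reset_password(self, via_email: str, new_password: str) -> bool:
        if not self.reset_offered or via_email not in self.account.emails:
            return False
        self.account.password = new_password
        return True


def run_attack(strict: bool) -> bool:
    """Attacker controls only attacker_mail; returns True if the password was changed."""
    INBOXES.clear()
    victim = Account("victim_handle", ["owner@example.invalid"], "US")
    bot = SupportAssistant(victim, strict=strict)
    attacker_mail = "attacker@example.invalid"

    bot.request_add_email(session_region="US", new_email=attacker_mail)  # VPN in victim's region
    my_code = INBOXES[attacker_mail][-1]                                  # attacker reads own inbox only
    # The owner's inbox is unreadable to the attacker, so the step-up code is a blind guess
    # ("guess" can never match a six-digit code).
    bot.confirm_add_email(attacker_mail, my_code, stepup_code="guess")
    return bot.reset_password(attacker_mail, "pwned") and victim.password == "pwned"


def run_owner_change(strict: bool) -> bool:
    """The legitimate owner, who can read the existing inbox, adds a new address."""
    INBOXES.clear()
    owner_mail, new_mail = "owner@example.invalid", "owner-new@example.invalid"
    acct = Account("owner_handle", [owner_mail], "US")
    bot = SupportAssistant(acct, strict=strict)
    bot.request_add_email("US", new_mail)
    stepup = INBOXES[owner_mail][-1] if strict else None
    return bot.confirm_add_email(new_mail, INBOXES[new_mail][-1], stepup) == "email added"


if __name__ == "__main__":
    print("weak flow, attacker takeover:", run_attack(strict=False))
    print("strict flow, attacker takeover:", run_attack(strict=True))
    print("strict flow, owner change:", run_owner_change(strict=True))
```

The point the toy makes is that a code sent to the address being added proves nothing about who holds the account, only that the requester owns the mailbox they typed in; the same weakness applies to any recovery action (email, phone, passkey enrolment) that an agent can complete without a challenge against a factor already bound to the account.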

Trophy Accounts Up for Grabs

The targets included the dormant handle for the Obama-era White House, inactive since 2017, and the account of US Space Force chief master sergeant John Bentivegna. Beauty retailer Sephora also appeared among the affected accounts.

Security consultant Jane Wong described repeated password reset attempts on her own account before she lost access. Short, high-value usernames moved quickly onto Telegram resale markets, where researchers tracking the fallout valued two of the stolen handles at more than a million dollars combined.

The exploit succeeded because the assistant carried out an account change that a trained human agent would have stopped to question. Meta introduced the tool in December and expanded it across all Facebook and Instagram accounts in March, pitching it as a takeover defence that could detect suspicious location changes. Instead, location became the only real barrier, and a VPN defeated it. Hackers had traded the technique on Telegram since March, so the opening was exposed for months before the weekend surge.

Agentic AI tools now hold the authority to reset passwords, change account details, and approve sensitive actions, so weak identity verification becomes a direct route to account takeover. Identity verification and human oversight are among the first controls customer-experience leaders weigh before letting AI agents touch customer accounts, and compliance requirements sit at the centre of any chatbot that handles account security.

Meta’s Response

Meta VP of Communications Andy Stone confirmed on X that the company had resolved the issue and was securing affected accounts. Meta has not said how many users lost access before the fix. Affected users told 404 Media there was no way to escalate a stolen account to a human.