
Hackers Asked Meta AI for Access to High-Profile Instagram Accounts, and It Worked

Hackers are claiming they exploited Meta’s AI support chatbot to take over Instagram accounts by convincing the bot to change the email address linked to a target profile. The alleged abuse comes amid a wave of high-profile account takeovers, including the Instagram accounts associated with the Barack Obama White House, the Chief Master Sergeant of Space Force, and Sephora.

The claims raise serious concerns about the risks of using AI systems for customer support and account recovery, especially when those systems are allowed to perform sensitive actions such as resetting passwords or modifying account credentials. According to the reporting, users who lost access to their accounts said they could not easily reach a human support representative, leaving them stuck with the AI system as the main path for help.

Meta had announced in March that it was expanding AI support across Facebook and Instagram accounts and that the chatbot would be able to help with account security and recovery tasks, including password resets and other maintenance functions. The company described the feature as offering “solutions, not just suggestions,” highlighting its role in account security and recovery.

Over the past several days, screenshots and videos have been circulating in Telegram groups used by security researchers and hackers, showing what appears to be a simple method for carrying out the takeover. In one example, a hacker allegedly begins a conversation with Meta’s AI support bot and asks it to associate the target account with a new email address. The message shown in the video instructs the bot to link the account to the attacker’s email and mentions that a code will be sent, suggesting the chatbot may have been manipulated into processing the request without proper verification.

If accurate, the technique would point to a major flaw in delegating critical account functions to automated systems, particularly if those systems can be tricked through ordinary conversational prompts. The alleged campaign also underscores a broader security challenge for major platforms: the more responsibility AI tools are given, the greater the damage if they can be socially engineered or made to bypass safeguards.

The reported incidents are part of a growing debate over how much authority AI support tools should have over user accounts, especially when they control access to identity, email settings, and recovery options. For victims, losing an account can mean losing access not only to social media presence but also to business communications, verified identity, and audience reach.

The situation remains significant because it combines two fast-moving issues: the increasing use of AI in customer support and the rising sophistication of account takeover attacks. Even if the exact mechanics still need verification, the reported cases highlight how automation can become a security weakness when it is entrusted with high-value account operations without sufficient human oversight, authentication checks, and escalation paths.
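The authentication checks and escalation paths mentioned above can be enforced outside the chatbot, so that nothing said in the conversation counts as proof of ownership. The sketch below is an added example, not Meta's code or anything taken from the reporting; the action names, the `Session` fields and the sample accounts are all hypothetical, and it assumes the platform keeps a list of contact channels already on file for each account.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical action names for illustration; not any vendor's real API.
SENSITIVE = {"change_email", "reset_password"}

@dataclass
class Session:
    # Set only by the platform's login/auth layer, never from chat text.
    authenticated_account: Optional[str] = None
    # Accounts for which a challenge was passed on a pre-existing channel.
    step_up_passed: set = field(default_factory=set)

def record_challenge(session, account, channel, registered_channels):
    """Count a passed code challenge only if it went to a channel that was
    already on file for the account before this conversation started."""
    if channel in registered_channels.get(account, set()):
        session.step_up_passed.add(account)
        return True
    return False  # e.g. a code sent to the newly requested address

def authorize(action, target_account, session):
    """Gate a tool call proposed by the model. Returns (decision, reason)."""
    if action not in SENSITIVE:
        return "allow", "non-sensitive"
    if session.authenticated_account is None:
        return "escalate", "no authenticated session; human-reviewed recovery"
    if session.authenticated_account != target_account:
        return "deny", "session does not belong to target account"
    if target_account not in session.step_up_passed:
        return "deny", "step-up on a registered channel required"
    return "allow", "owner session with step-up"

# Constructed sample data.
REGISTERED = {"brand_account": {"owner@example.com"}}

def demo():
    results = []
    anon = Session()  # chat user who only *claims* to own the account
    record_challenge(anon, "brand_account", "new@example.net", REGISTERED)
    results.append(authorize("change_email", "brand_account", anon)[0])
    other = Session(authenticated_account="someone_else")
    results.append(authorize("change_email", "brand_account", other)[0])
    owner = Session(authenticated_account="brand_account")
    results.append(authorize("change_email", "brand_account", owner)[0])
    record_challenge(owner, "brand_account", "owner@example.com", REGISTERED)
    results.append(authorize("change_email", "brand_account", owner)[0])
    results.append(authorize("get_help_article", "brand_account", anon)[0])
    return results
```

The model can still propose any action it likes; the gate decides from session state alone, and a request without an authenticated session is routed to human review instead of being executed.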

Harish Yadav

Editor at PPC Herald, handles news and article writing and proofreading.
