Instagram is warning users who may have been targeted in a hacking campaign that reportedly used Meta’s AI support chatbot to take over accounts, including valuable “OG” handles and some high-profile profiles, even after Meta said the issue had been fixed.
TL;DR
- Hackers allegedly convinced Meta’s AI chatbot to link target Instagram accounts to attacker-controlled emails.
- Meta said the issue had been fixed, but more users reported account hacks the next day.
- Instagram has begun sending alerts, password reset emails, and security prompts to affected users.
- Meta has not said how many accounts were compromised.
Meta’s AI Support Chatbot Becomes The Center Of Instagram Account Takeover Claims
Meta is facing questions over an Instagram hacking campaign that appeared to exploit its AI-powered support chatbot, allowing attackers to take control of accounts by simply claiming ownership of them.
According to the provided details, hackers allegedly told Meta’s chatbot that they owned the targeted Instagram account and asked it to connect the account to an email address under their control. The chatbot reportedly complied, which then allowed the attackers to reset passwords and lock some users out of their accounts.
The campaign drew attention over the weekend after hackers claimed they were exploiting Meta’s AI support system to take over several high-profile Instagram profiles.
Around the same time, many users complained on social media that their accounts had been compromised, including accounts with rare, short, or highly desirable usernames.
Instagram OG Handles Became A Key Target In The Hacking Spree
A major part of the alleged campaign appears to center on so-called “OG handles,” a term used for rare usernames that often belong to early Instagram users or carry simple names, countries, or common first names.
These handles can be treated like collectibles in gray markets, where stolen or hijacked usernames may be resold. The provided content noted examples of allegedly hacked handles featuring common forenames or country names.
Other reported targets included the dormant Obama White House account, which Meta disputed, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna.
That makes the incident more than another routine account security issue. It points to the risk of automated support systems being given access to sensitive account recovery functions without enough verification friction.
Meta Said The Issue Was Fixed, But Users Reported More Hacks
On Monday, Meta spokesperson Andy Stone said that “the issue that did happen has already been fixed.”
However, the issue did not appear fully settled for users.
On Tuesday, more Instagram users claimed their accounts had been hacked. At the same time, discussions seen by TechCrunch in a Telegram channel, where the technique had reportedly been publicized, suggested some members were still claiming they could exploit Meta’s AI chatbot.
Some users were also reportedly advertising apparently hacked handles for sale. However, it remains unclear whether all of the hacked accounts were compromised using the same method.
In a later post on X, Stone said, “Some people may receive password reset notifications and some may be asked security questions when they try and log into their accounts.”
Meta Secured Affected Accounts And Began Sending Instagram Alerts
Meta said that it secured affected accounts on Monday before sending password reset emails. Stone did not say how many users were hacked when asked.
Several users later reported that Instagram had started notifying people who may have been targeted. The alerts said Instagram had “detected some suspicious activity that suggests your Instagram may have been compromised.”
The message also said the company had taken steps to secure the account and asked users to reset their passwords.
The timeline suggests Meta is now trying to contain the fallout through account recovery, password resets, and additional login security checks.
Topics For More Insights
- India’s Wearable Health Tech Firm Ultrahuman Faces Breach Affecting At Least 700 Users
- Meta’s AI Support Bot Lets Hackers Hijack Instagram Accounts
- Iran-Linked Hackers Blamed For LA Metro Breach That Hit Systems And Recovery
- UK Visa Portal Faces Scrutiny After Thousands Of Passports And Selfies Leaked!
Meta’s AI Account Recovery Push Now Faces Bigger Trust Questions
The incident also raises broader concerns about Meta’s use of AI in customer support.
As 404 Media noted in the provided content, Meta announced in March that it was implementing AI to automate support for users. The AI-powered chatbot was described as “designed to resolve account issues from start to finish,” with the ability to “reset your password securely.”
That capability may have been intended to reduce friction for legitimate users locked out of their accounts. Yet this incident shows how account recovery tools can become high-risk targets when automated systems are allowed to perform actions that once required human review.
For years, attackers seeking valuable Instagram usernames relied on more complex tactics such as phishing, phone number takeovers, or bribing telecom insiders. In this case, the alleged technique was far simpler.
Hackers reportedly just asked, and Meta’s chatbot complied.
