Instagram’s High-Value Accounts Became Hackers’ Commodity, Meta’s AI Support Tool Was the Weak Link

Author: Qoo Media

High-value Instagram accounts are being hunted not only through stolen passwords or phishing links, but also through a surprising weakness in Meta’s own AI support chatbot. In a recent case, attackers reportedly used the tool to take over accounts and then resell them on the gray market.

The method stood out because it did not rely on a complex technical breach. Instead, it abused an over-privileged support system: a tool meant to help users was able to change sensitive account details without adequate verification of who was asking.

According to 404 Media, videos showing the exploit were circulating widely in Telegram groups followed by hackers and security researchers. The technique was described as easy to carry out, and it was reportedly used to hijack Instagram accounts worth hundreds of thousands of dollars before Meta applied an emergency fix on May 29.

The attack chain started with a password reset. From there, the attacker prompted the Meta AI support chatbot to replace the email address linked to the target account, so that control of the reset flow, and with it the account, shifted to the attacker.

Hackers also used VPNs to disguise their location. That made their activity harder to trace while they carried out the takeover.

High-profile accounts were not spared

Several prominent accounts were affected by the same technique. The White House account from the Barack Obama era and the account of the U.S. Space Force chief master sergeant were both hacked and used to display pro-Iran images and messages.

Both accounts were later restored. Security researcher Jane Manchun Wong also said her own account had been compromised through a similar method, adding to the attention around the flaw.

Neowin reported that the technique had been in active use for months, starting in February. During that period, thousands of accounts were believed to have been compromised.

ZachXBT, an open-source intelligence researcher, said Meta’s AI support system gave too much access. He argued that it allowed password resets without two-factor authentication protection and without sufficient identity verification.

Dark Web Informer also explained the same exploit through an X post and said Meta had only recently patched the issue. He and ZachXBT both highlighted that attackers were targeting Instagram accounts with strong market value so they could be resold.

Why these accounts are so valuable

Examples cited include short handles such as @hey and @jowo. CyberSec Guru estimated that the combined gray-market value of those two accounts could exceed US$ 1 million.

That value comes from account influence, resale potential, and the possibility of impersonation or brand spoofing. In that context, social media accounts become digital assets that are attractive to cybercriminals.

CyberSec Guru described the case as a classic confused deputy problem: a component holding privileges the requester lacks is tricked into exercising them on the requester's behalf, so the authorization check that should have applied to the requester is never made.

In Meta’s case, the “deputy” is not an ordinary program but a large language model. Because a language model's output is probabilistic rather than rule-based, crafted instructions can steer it into actions it should refuse, and whatever privileges the deputy holds follow the model's decision.

MFA still makes a difference

Even though the flaw was serious, extra protection still proved effective. KrebsOnSecurity reported that hackers admitted their exploit failed when they tried to target accounts with multifactor authentication enabled.

Even the weakest common form of MFA, one-time SMS codes, was enough to stop the account takeover through this method, although SMS codes remain exposed to SIM swapping and phishing. That finding reinforced the value of additional security layers for high-value accounts.

The case also reflects a broader trend in which technology companies are giving AI agents broader authority. Many AI systems can now modify, create, or delete important user data, which means weak safeguards can create much larger abuse risks.

Meta launched its AI support assistant in March 2026 with a promise of reliable 24/7 service. This incident showed that wide AI access needs stronger security controls to prevent misuse.

CyberSec Guru recommended out-of-band verification before any change is made to a user account. The suggested safeguards also included rate limiting on reset flows, full logging of every AI-initiated action, anomaly detection, and deterministic decision gates enforced outside the model, so that sensitive actions cannot proceed on the model's say-so alone.
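The confused-deputy point and the recommended safeguards come together in one design: the model may propose a change, but a deterministic policy layer that never trusts the model decides whether it happens. The following is an added illustration written for this article, not Meta's code or CyberSec Guru's; the secret, the limits, the account records and the "tool call" the model emits are all constructed assumptions. The gate binds an out-of-band token to the exact change requested, refuses sensitive actions on MFA-protected accounts without a completed MFA challenge, rate-limits reset attempts per account, and writes every decision to an audit log regardless of outcome.

```python
"""Deterministic policy gate between an LLM support agent and account mutations.

Illustrative example for this article; not Meta's implementation.
The model's output is only a *proposal*; this layer makes the decision.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass, field

# Assumed values for the example; in production these live server-side only.
SERVER_SECRET = b"server-side-secret-never-shown-to-the-model"
SENSITIVE_ACTIONS = {"change_email", "reset_password", "disable_mfa"}
RESET_LIMIT = 3           # sensitive attempts allowed per account per window
WINDOW_SECONDS = 3600


@dataclass
class Account:
    username: str
    email: str
    mfa_enabled: bool


@dataclass
class GateState:
    audit_log: list = field(default_factory=list)    # every decision, allow or deny
    attempts: dict = field(default_factory=dict)     # username -> [timestamps]


def oob_token(username: str, action: str, new_value: str) -> str:
    """Token delivered out of band (to the *current* e-mail/SMS), bound to the
    exact account, action and new value so it cannot be reused for another change."""
    msg = f"{username}|{action}|{new_value}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]


def gate(state, account, action, params, oob=None, mfa_ok=False, now=None):
    """Return (decision, reason). The decision depends only on verifiable
    evidence (token, MFA result, rate), never on what the model 'believes'."""
    now = time.time() if now is None else now
    decision, reason = "allow", "ok"
    if action in SENSITIVE_ACTIONS:
        recent = [t for t in state.attempts.get(account.username, [])
                  if now - t < WINDOW_SECONDS]
        recent.append(now)
        state.attempts[account.username] = recent
        expected = oob_token(account.username, action, params.get("new_value", ""))
        if len(recent) > RESET_LIMIT:
            decision, reason = "deny", "rate_limited"
        elif account.mfa_enabled and not mfa_ok:
            decision, reason = "deny", "mfa_required"
        elif oob is None or not hmac.compare_digest(expected, oob):
            decision, reason = "deny", "oob_verification_failed"
    state.audit_log.append({"ts": now, "user": account.username, "action": action,
                            "params": dict(params), "decision": decision,
                            "reason": reason})
    return decision, reason


def apply_tool_call(state, account, tool_call, **evidence):
    """Entry point the agent runtime calls with the model's proposed tool call.
    The mutation happens only if the gate allows it."""
    action, params = tool_call["action"], tool_call.get("params", {})
    decision, reason = gate(state, account, action, params, **evidence)
    if decision == "allow" and action == "change_email":
        account.email = params["new_value"]
    return decision, reason


if __name__ == "__main__":
    # Constructed scenario: the model has been talked into changing the e-mail.
    state = GateState()
    victim = Account("alice", "alice@example.com", mfa_enabled=False)
    proposal = {"action": "change_email", "params": {"new_value": "attacker@example.com"}}
    print(apply_tool_call(state, victim, proposal, now=1000.0))          # denied, no token
    token = oob_token("alice", "change_email", "attacker@example.com")
    print(apply_tool_call(state, victim, proposal, oob=token, now=1001.0))  # allowed
    for entry in state.audit_log:
        print(entry)
```

The design choice worth noting is that persuading the model changes nothing: the gate reads the model's proposal as untrusted input and requires proof that the legitimate owner, reachable only through the existing contact channel or MFA device, approved that exact change. That is also why MFA stopped the real attack: the owner's second factor sat outside the deputy's reach.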

Source: www.beritasatu.com