Tue 07 Jul 2026 / 08:12 ET
Kernel
Long Reads 3 min read

Hackers say Meta’s AI support bot handed over Instagram accounts

404 Media reports attackers used Meta’s AI account-recovery assistant to attach new emails to high-profile Instagram accounts.

June Castellano

By June Castellano / Platforms & Power Reporter

Hackers say Meta’s AI support bot handed over Instagram accounts
img: 404 Media

Hackers say they used Meta’s AI support chatbot to take control of high-profile Instagram accounts by persuading it to change the email address tied to a target profile, according to 404 Media.

The reported method is blunt: start a support chat, identify the target username, provide an attacker-controlled email address, and ask the bot to connect the two. 404 Media said a video circulating in Telegram groups showed a hacker doing exactly that with Meta’s AI support bot.

The claims line up with a recent run of prominent Instagram account takeovers, according to 404 Media, including the Barack Obama White House account, the Chief Master Sergeant of the Space Force’s account, and Sephora’s account. The report does not establish from the visible evidence that every takeover used the same method, so the clean version is this: attackers are claiming a working AI-support path, and several notable accounts were hijacked around the same period.

How the account handoff allegedly worked

404 Media reported that Telegram groups used by security researchers and hacking groups have shared videos and screenshots over several days showing the steps used to seize an account. In one video described by the outlet, the attacker opened a conversation with Meta’s support bot and asked it to add a new email address to the target Instagram account.

That matters because the email address attached to an account is not a cosmetic setting. It is part of the recovery chain. If an attacker can convince support tooling to replace or add their own email address, they may be able to receive verification codes, reset credentials, and lock out the legitimate owner.

Meta’s own positioning makes the risk sharper. In March, the company announced AI support for Facebook and Instagram accounts, saying the system would help with account recovery and security. Meta’s product page described the tool as offering “Solutions, not just suggestions,” and said it could handle password resets and other account-maintenance tasks, according to 404 Media.

That is the design choice under scrutiny. A chatbot that only points users to help pages can annoy people. A chatbot that can alter recovery settings has keys. If its identity checks fail, the failure is no longer a bad answer. It becomes an account takeover workflow.

Victims describe a support dead end

Users whose accounts were stolen told 404 Media they could not find a way to escalate the problem to a human at Meta. That leaves victims trying to recover accounts through the same automated support machinery that attackers allegedly abused.

The report is a warning about moving critical support functions into AI systems before the boring parts are locked down: authentication, escalation, audit trails, and limits on what a bot can change. Meta advertised AI support as a way to solve account problems. Hackers now claim they used it to create one.

This story draws on original reporting from 404 Media.

More Long Reads/

view all ↗