Meta's support AI handed over Instagram accounts to anyone who asked nicely

An account takeover flow targeting Instagram required only a username and a VPN pinned near the victim’s city. The attacker contacted Meta’s AI support, claimed the account was hacked, and requested a verification code be sent to an attacker-controlled email. The AI complied without checking whether the email had any prior association with the account, then handed back a password reset link. When prompted for a video selfie, an AI-animated still pulled from the target’s public feed was reportedly enough to satisfy the check.

Because the flow was treated as a legitimate owner-initiated recovery, 2FA was bypassed, active sessions were killed, and the password was changed silently with no notification to the real owner. Recovery was effectively impossible because the contact details now belonged to the attacker, and there was no human escalation path. Telegram marketplaces openly sold the service, and high-profile accounts including the Obama White House and the Chief Master Sergeant of the U.S. Space Force were hijacked, some for propaganda and others flipped for the resale value of short handles.

Meta has reportedly patched the flow, but evidence suggests it was exploitable for weeks or months. The incident is a pointed example of an LLM-powered support agent being granted authority over high-privilege account recovery without the deterministic identity checks that workflow demands.