
Meta admits its AI chatbot was stealing Instagram accounts

by Palash Volvoikar on June 03, 2026


Hackers were able to take over Instagram accounts by simply asking Meta's AI support chatbot to switch the email address tied to someone else's profile, then resetting the password to lock the real owner out. Meta says it has patched the flaw. The attack was first reported by 404 Media.

The chatbot, which Meta rolled out in March to handle tasks like password resets and account recovery, would add a new email address to a target's account when asked. It then sent a verification code to the hacker's own email. Once the hacker entered that code, the bot offered a button to reset the password. Attackers also used a VPN to make their location appear close to the target's, which helped them slip past Instagram's automated security checks.

The hackers went after valuable, high-profile accounts, including the archived Barack Obama White House account, the Chief Master Sergeant of the US Space Force, beauty retailer Sephora, and security researcher Jane Manchun Wong.

Many of the marquee victims were dormant or abandoned accounts. The Obama White House page had been inactive since 2017, exactly the kind of neglected account that tends to lack up-to-date security like two-step verification, which is likely why it made such an easy target.


Two-step verification seems to have stopped this attack

Here is the part that matters most for your own account. The hackers behind the exploit said it failed against any account that had two-step verification turned on, and that even a basic text-message code was enough to stop them. That feature, also called two-factor authentication or 2FA, asks for a one-time code on top of your password. That is the attackers' own account of what worked and what did not, so treat it as a strong signal rather than an absolute promise. Either way, two-step verification is the best lock you can put on your account, and it is the first thing to turn on.

Turning it on takes a minute. In the Instagram app, tap your profile picture in the bottom right, then tap the menu icon (three lines) in the top right to open "Settings and activity." Tap "Accounts Center," then "Password and security," then "Two-factor authentication," and pick your account. You can choose a text message code, an authentication app, or WhatsApp. An authentication app is the most secure option, but any of them would have stopped this attack. (If you're not already using an authenticator app, read our guide "The best authenticator apps to protect your accounts in 2026.")

While you are in there, it is worth checking "Where you're logged in" under the same "Password and security" menu. Wong said her password was changed without her knowledge, and that she got repeated password reset attempts and kept getting logged out before she lost the account. If you see logins from places you have never been, that is a warning sign.

You could not have opted out of this one

The chatbot that got tricked is Meta's own account recovery support, which the company switched on for every Facebook and Instagram account back in March. This was not the Meta AI assistant you can choose to chat with in your search bar or messages. It was Meta's support system, running on your account whether you wanted it or not, and Meta does not even let you fully turn Meta AI off on Instagram.

So if you have been assuming this does not apply to you because you never touch Meta's AI features, that assumption does not hold. Other than two-factor authentication, nothing in your settings made you safer or more exposed.

Handing support to a bot was the real mistake

The deeper problem is that Meta gave one of its most sensitive jobs to a chatbot. Customer support is supposed to be the one place you can reach a person when your account and your personal data are on the line. Meta handed that job to an AI assistant that would change account emails and reset passwords on request, with no real check that the person asking was who they said they were. And it did this while cutting staff in sweeping layoffs and pushing the employees who remain to lean harder on AI tools.

That is the part Meta should be answering for. The company already has a long track record of disabling accounts with little explanation and an appeals process that often leads nowhere. I have very recently watched a friend get his account suspended over a baseless accusation, submit his ID to appeal, and never once reach an actual person. Pushing even more of that work onto AI was a bad call.

Meta says the flaw is fixed and that impacted accounts are being secured. But a patch on one exploit does not undo the bigger decision to put a bot in charge of your account's front door. Either way, two-step verification is the part that is actually in your hands, so you should turn it on.
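The flow described above, where the support bot adds a new address and then sends the verification code to that same address, set beside a hardened variant that sends the code to a contact already on file. This is an added example, not code from the article or from Meta; every name in it (`Account`, `weak_request_email_change`, `hardened_request_email_change`, `confirm`) is hypothetical, and the in-memory `outbox` stands in for real mail delivery.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    emails: set  # verified contact addresses already on file
    pending: dict = field(default_factory=dict)  # challenge id -> (code, new_email)
    outbox: list = field(default_factory=list)  # (recipient, code) pairs, stands in for mail


def _challenge(acct, new_email, recipients):
    code, cid = secrets.token_hex(4), secrets.token_hex(8)
    acct.pending[cid] = (code, new_email)
    acct.outbox.extend((rcpt, code) for rcpt in recipients)
    return cid


def weak_request_email_change(acct, new_email):
    # Flow as the article describes it: the code goes to the NEW address, so it
    # proves only that the requester controls the address they supplied.
    return _challenge(acct, new_email, [new_email])


def hardened_request_email_change(acct, new_email):
    # The code goes to contacts already on file; with none on file the request
    # is refused instead of falling back to the requester-supplied address.
    if not acct.emails:
        raise PermissionError("no verified contact on file; route to manual review")
    return _challenge(acct, new_email, sorted(acct.emails))


def confirm(acct, cid, code):
    # Single use: the challenge is consumed on the first attempt, right or wrong.
    expected, new_email = acct.pending.pop(cid, (None, None))
    if expected is None or not hmac.compare_digest(expected, code):
        return False
    acct.emails.add(new_email)
    return True


def requester_can_read_code(acct, requester_inbox):
    # True when any code was delivered to an inbox the requester named.
    return any(rcpt == requester_inbox for rcpt, _ in acct.outbox)
```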


[Image credit: Generated with Google Gemini]

