
Instagram users locked out after Meta AI abused to steal accounts

Why This Matters

This incident highlights the vulnerabilities of relying solely on AI-powered support systems in the tech industry, exposing users to account hijacking and identity theft. It underscores the urgent need for human oversight and improved security measures to protect user accounts and maintain trust in digital platforms.

Key Takeaways

Multiple Instagram users had their accounts hijacked after attackers convinced Meta’s AI-powered support tools that they were the legitimate owners.

In many cases, impacted users are unable to recover access due to the platform's use of automated assistance that involves only AI/chatbot loops and no human support agents.

On Monday, multiple holders of rare and high-value accounts reported suddenly losing access to their accounts, claiming that their identities had been verified via facial scans and that they had enabled safeguards such as two-factor authentication (2FA).

Among the impacted accounts were one previously used by the Obama White House team, one belonging to app researcher Jane Manchun Wong, @hey, and @korn.

The owner of the @korn account, who noted that the band never officially claimed the account and is using another one, expressed frustration with Meta’s recovery mechanism, which had put them in a time-wasting loop.

“I spent 6 hours trying to get human support, and Meta's support AI gave me 4 broken links in a row,” explained the user identifying as Kornel.

“We're at the point where one AI stole it, and another can't fix it, zero humans in the loop anywhere,” the @korn account owner said.

According to some reporters, the account-hijacking attacks were trivial. The activity involved chatting with Meta’s AI assistant, convincing it that the attacker was the legitimate account owner, and tricking it into changing the associated email address.

The takeover process starts with the threat actor activating the "forgot password" protocol on the grounds that the account was hacked. When Instagram's AI-powered assistance asks the user to verify with a selfie, the attacker uses a photo from the target's account, passes it through an AI video generator to turn it into an animation, and uploads it to Meta for verification.

User André says that "Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face." They also added that the takeover method bypasses 2FA protections.
