Instagram has fixed a scary security flaw that allowed hackers to take over accounts using Meta’s own AI support chatbot. The issue came to light over the weekend, when multiple users on Reddit and X reported that their accounts had been compromised.
Even my Instagram account got hacked
— Jane Manchun Wong (@wongmjane)
The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app
Quite concerning https://t.co/F6wjKYrlBo
As reported by TechCrunch, security researcher Jane Wong was also among those affected. “The password got changed without my knowledge, and I was getting different password reset attempts throughout yesterday,” she said. “Quite concerning.”
How did the hack work?
A video posted on X showed the entire process, and it’s alarming in how simple it was. The hacker first used a VPN to spoof the location, bypassing Instagram’s automated account protections. Then, they opened a chat with Meta’s AI Support Assistant and simply asked the bot to add a new email address to the target’s account.
🚨 Instagram had an exploit that allowed you to use Meta AI to reset passwords to accounts with no MFA on them. The exploit was patched a short time ago.pic.twitter.com/PEUwLvmllj
— Dark Web Informer (@DarkWebInformer) June 1, 2026
Here’s where it gets wild. The chatbot sent a verification code to the hacker’s email, not the victim’s. The hacker shared the code back with the chatbot, which then offered a button to reset the password. That’s how easy it was to take over the account of anyone on Instagram.
TechCrunch verified that the hacker’s public email mailbox did receive the verification code, confirming the attack worked exactly as shown.
Is your account at risk?
The scariest part of this attack is that the hacker never needed access to the victim’s real email address at any point. The entire process bypassed the actual account owner completely.
Instagram spokesperson Andy Stone confirmed on Monday that the issue has now been fixed. However, it remains unclear how many users had their accounts compromised before the patch. So, the good news is that you don’t have to worry about this issue anymore.
The state of AI in support
The rising prices of consumer electronics, the growing ease with which fraudsters can deceive people, and the challenges universities face as students use AI to cheat are just some examples of how AI has made our lives worse.
For me, the most annoying application of AI is in support chats. I recently ordered dinner, which was delayed. The AI support chat didn’t let me talk to a human for about two hours, repeatedly telling me that the food would arrive in the next 10 minutes.
Before this was implemented, any query I had was resolved in minutes by a human customer service agent. Meta’s AI support chatbot is yet another example of how allowing AI in customer service is creating unnecessary stress for users.