Identity & Access | Jun 2, 2026

Instagram users locked out after Meta AI abused to steal accounts

Meta AI support tools exploited to hijack Instagram accounts using deepfake selfies and email changes.

Summary

Attackers exploited Meta's AI-powered support system to hijack high-value Instagram accounts by using AI-generated deepfake videos of victims' faces to bypass facial verification, then tricking the AI chatbot into changing account email addresses. The stolen accounts included @hey, @korn, and one previously used by the Obama White House team. Victims reported being trapped in AI support loops with no human escalation path, making account recovery nearly impossible.

Full text

By Bill Toulas, June 2, 2026, 11:47 AM

Multiple Instagram users had their accounts hijacked after attackers convinced Meta’s AI-powered support tools that they were the legitimate owners. In many cases, impacted users are unable to recover access due to the platform's use of automated assistance that involves only AI/chatbot loops and no human support agents.

On Monday, multiple holders of rare and high-value accounts reported suddenly losing access to their accounts, claiming that their identities had been verified via facial scans and that they had enabled safeguards such as two-factor authentication (2FA).

Among the impacted accounts were one previously used by the Obama White House team, one belonging to app researcher Jane Manchun Wong, @hey, and @korn.

The owner of the @korn account, who noted that the band never officially claimed the account and is using another one, expressed frustration with Meta’s recovery mechanism, which had put them in a time-wasting loop.

“I spent 6 hours trying to get human support, and Meta's support AI gave me 4 broken links in a row,” explained the user identifying as Kornel.

“We're at the point where one AI stole it, and another can't fix it, zero humans in the loop anywhere,” the @korn account owner said.

According to some reporters, the account-hijacking attacks were trivial. The activity involved chatting with Meta’s AI assistant, convincing it that the attacker was the legitimate account owner, and tricking it into changing the associated email address.

The takeover process starts with the threat actor activating the "forgot password" protocol due to the account being hacked. When Instagram's AI-powered assistance asks the user to verify with a selfie, the attacker uses a photo from the target's account, passes it through an AI video generator to turn it into an animation, and uploads it to Meta for verification.
User André says that "Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face." They also added that the takeover method bypasses 2FA protections.

"Then you try to recover your account, and you’re talking to a chatbot that has zero ability to help. You can’t escalate to a human. You’re just stuck. Your asset is gone, and there’s no one to call," André said.

Some reports claim that attackers used VPN services to appear as if they connected from the target’s usual region, to pass geolocation checks that would trigger a more complex login flow for added security.

[Image: Chat with Meta's AI support agent. Source: @thecomfeed]

After changing the email address, the attacker could initiate a password reset process and receive the required security code for gaining access to the account.

Some online reports claim that the @e and @f one-letter accounts on Instagram were obtained through an active exploit. However, others dispute this information, arguing that the usernames were secured by an individual with internal privileges. BleepingComputer was not able to independently verify either claim.

Because single-letter social media accounts are very rare, they have a high value on the black market, typically in the tens of thousands of U.S. dollars.

While Meta has yet to publish a press release with an official response to the situation, the company's vice president of communications, Andy Stone, replied on social media to an affected user stating that the "issue has been resolved, and we are securing impacted accounts."

BleepingComputer has contacted Meta with a request for a comment, but we have not heard back as of publishing.
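
The takeover sequence reported above (recovery request, selfie check, email change through the support assistant, password reset, with no second factor checked along the way) can be expressed as a detection rule over account events. This is an added example, not code from Meta or from the article; the event schema, type names, channel values and the 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window
CHAIN = ("recovery_started", "selfie_verified", "email_changed", "password_reset")

def ev(ts, account, kind, **extra):
    return {"ts": ts, "account": account, "type": kind, **extra}

# Constructed sample events; schema, type names and channels are hypothetical.
EVENTS = [
    ev("2026-06-01T09:00:00", "acct_a", "recovery_started"),
    ev("2026-06-01T09:04:00", "acct_a", "selfie_verified"),
    ev("2026-06-01T09:10:00", "acct_a", "email_changed", channel="support_ai"),
    ev("2026-06-01T09:12:00", "acct_a", "password_reset"),
    # acct_b: owner passes a second factor, then changes email in settings
    ev("2026-06-01T10:00:00", "acct_b", "second_factor_passed"),
    ev("2026-06-01T10:01:00", "acct_b", "email_changed", channel="settings"),
    # acct_c: same recovery path, but a second factor is checked mid-flow
    ev("2026-06-01T11:00:00", "acct_c", "recovery_started"),
    ev("2026-06-01T11:03:00", "acct_c", "selfie_verified"),
    ev("2026-06-01T11:05:00", "acct_c", "second_factor_passed"),
    ev("2026-06-01T11:06:00", "acct_c", "email_changed", channel="support_ai"),
    ev("2026-06-01T11:08:00", "acct_c", "password_reset"),
]

def flag_recovery_takeovers(events, window=WINDOW):
    """Accounts where the whole chain ran inside `window`, the email was
    changed through the support channel, and no second factor was checked."""
    # Region is not a trust signal here: reports say VPNs matched the usual region.
    by_account, flagged = {}, []
    for e in sorted(events, key=lambda e: e["ts"]):
        by_account.setdefault(e["account"], []).append(e)
    for account, evs in by_account.items():
        step, start = 0, None
        for e in evs:
            t = datetime.fromisoformat(e["ts"])
            expired = start is not None and t - start > window
            if expired or e["type"] == "second_factor_passed":
                step, start = 0, None  # stale chain, or a second factor was enforced
            if e["type"] == "recovery_started":
                step, start = 1, t
            elif step and e["type"] == CHAIN[step]:
                via_support = e["type"] != "email_changed" or e.get("channel") == "support_ai"
                step = step + 1 if via_support else 0
                if step == len(CHAIN):
                    flagged.append(account)
                    break
    return flagged
```

Only `acct_a` is flagged: its contact email was replaced and its password reset on the strength of a selfie check alone.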

Indicators of Compromise

  • malware — AI-generated deepfake video

Entities

  • Meta (vendor)
  • Instagram (product)
  • AI video generator (technology)
  • Facial recognition (technology)
  • Two-factor authentication (2FA) (technology)