A widespread Instagram hacking campaign that used Meta’s AI support chatbot to take over accounts appears to have continued even after the company said the issue had been fixed. Meta has since been working to secure affected accounts and notify users who may have been targeted.
Over the weekend, hackers claimed they were using Meta’s AI chatbot to gain control of several high-profile Instagram accounts. At the same time, many users reported on social media that their Instagram accounts had been hacked, including some accounts with short and valuable usernames.
TechCrunch said it saw examples of allegedly hacked accounts with common first names and country names. These types of usernames are often sold in gray markets as “OG handles,” which are considered valuable because they are short, rare, or linked to early Instagram accounts. Other accounts reportedly affected included the dormant Obama White House account, which Meta disputed, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna.
The method used in the campaign appeared to be extremely simple. According to the report, hackers told Meta’s AI chatbot that they owned the target Instagram account and asked the bot to connect the account to an email address they controlled. The chatbot allegedly followed the request, allowing the hackers to reset the password and take over the account. In some cases, victims were locked out of their own accounts.
Meta spokesperson Andy Stone said on Monday that the issue had already been fixed. However, more Instagram users claimed on Tuesday that their accounts had been hacked. TechCrunch also reported seeing discussions in a Telegram channel where people claimed they could still exploit the chatbot and were advertising allegedly stolen handles for sale. It remains unclear whether all of the affected accounts were compromised using the same method.
Stone later said on X that some users may receive password reset notifications, while others may be asked security questions when trying to log in. He also told TechCrunch that Meta secured affected accounts on Monday and then began sending password reset emails. Meta did not say how many users were affected.
Several victims said they received emails from Instagram warning that suspicious activity had been detected and that their accounts may have been compromised. The message reportedly said Instagram had taken steps to secure the account and asked the user to reset their password.
Meta announced in March that it was using AI to automate support for account issues. The chatbot was described as being able to resolve account problems from start to finish, including securely resetting passwords. That suggests the chatbot may have been given access to sensitive account recovery actions that previously required human review.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
The sale of stolen Instagram “OG” usernames has existed for years, but earlier attacks often involved phishing, SIM swapping, or bribing telecom insiders. In this case, the attackers allegedly only needed to ask Meta’s chatbot, and the system complied.
