Instagram began alerting users on June 3 after attackers allegedly used Meta’s AI-powered support assistant to take over targeted accounts, according to TechCrunch. The company said it secured affected accounts and started sending password reset emails, but did not disclose how many users were impacted.
The reported method was unusually direct. Attackers told Meta’s support chatbot they owned a target Instagram account and asked for the account to be linked to an email address they controlled. Once the email was changed, the attacker could reset the password and lock out the real owner.
That detail is what makes the incident more than another social media hacking story. The alleged weakness was not a stolen password, a malicious link, or a compromised phone number. It was an automated support process with enough authority to change the account's recovery path, the email address that decides who can reset the password.
What Happened
The campaign appeared to focus on prominent accounts and short or distinctive Instagram handles. TechCrunch reported examples involving common first names and country-name handles, the kind of usernames that can be valuable in the gray market for so-called OG handles. Other reported targets included the dormant Obama White House account, which Meta disputed, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna.
Meta spokesperson Andy Stone said on June 1 that the issue had been fixed. TechCrunch later reported that additional users claimed on June 2 that their accounts had been hacked, while discussions in a Telegram channel suggested some people believed the technique still worked. TechCrunch also cautioned that it was not possible to confirm every reported hacked account used the same method.
Meta’s response included securing affected accounts and prompting some users through password resets or security questions. Publicly shared Instagram emails warned users that suspicious activity suggested their account may have been compromised.
Why This Is Different From a Normal Support Failure
Account recovery has always been one of the hardest parts of platform security. If a company makes recovery too strict, legitimate users can lose access forever. If it makes recovery too easy, attackers can impersonate users and take accounts away from them.
AI support changes the risk because it can compress several steps into one interaction. A human support process may be slow and inconsistent, but it often has friction: escalation, review, verification, and a paper trail. An automated assistant designed to resolve issues from start to finish can be faster for honest users and faster for attackers.
In March, Meta said it was using AI to automate user support, including account issues. The Instagram incident shows the security question behind that product decision: should a chatbot be allowed to make account ownership changes at all, and if so, under what proof?
The dangerous action here was not answering a question. It was changing the account’s recovery email. That is a control-plane action. Once it happens, the attacker does not need to defeat the old password. The recovery system itself becomes the route in.
A Concrete Example
Imagine a creator with the Instagram handle @maria. The name is short, memorable, and commercially useful. The creator has two-factor authentication turned on and never clicks phishing links.
An attacker does not need to trick her directly if the support system can be persuaded to attach @maria to a new email address. After that, the attacker triggers a password reset, receives the reset link, and takes control. Her password and her caution never come into play, because the recovery flow now points at the attacker. From the victim's perspective, the account appears to vanish behind a process she never initiated. The reporting does not say whether two-factor authentication was challenged during these resets; what it does say is that the email change itself was granted on an ownership claim.
For a creator, that can mean lost sponsorship posts, missed customer messages, impersonation risk, and days or weeks spent trying to prove ownership. For a business, it can mean a public-facing sales channel is suddenly controlled by someone else.
The Market Incentive Matters
The focus on short handles is not random. Rare usernames have long been treated as collectibles in underground markets. Earlier account theft schemes often involved phishing, SIM swapping, or insider abuse at telecom companies or service providers. Those methods required more work, more coordination, or more technical sophistication.
If an automated support assistant can be manipulated with a simple ownership claim, the economics change. The cost of attempting takeovers drops. That can increase the volume of attacks, especially against accounts that are valuable mainly because of the handle rather than the person behind it.
This is also why the incident matters beyond Instagram. Any platform that gives automated support tools permission to reset credentials, change recovery emails, disable protections, or override account locks is creating a new security boundary. The chatbot is no longer just a front desk. It is part of the account infrastructure.
What Platforms Should Take From This
The practical lesson is not that AI should never be used in customer support. Users need faster recovery, especially when large platforms have millions of accounts and limited human support capacity. The lesson is that automation needs hard limits around irreversible or high-risk actions.
- Recovery email changes should require proof tied to something the current owner already holds (a code sent to the existing email, an authenticator app, a passkey), especially when the request comes through support rather than an already-authenticated session. An ownership claim typed into a chat is not verification.
- High-value handles need extra scrutiny, because attackers have a direct financial incentive to target them.
- AI tools should not be able to override ownership signals alone; they should gather information, not become the final authority for sensitive changes.
- Post-incident alerts need to be fast and specific, so users know whether they were targeted, compromised, or simply asked to reset a password as a precaution.
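One way to enforce the limits above in code, covering both the control-plane point made earlier (changing the recovery email is not a question to answer but an action to authorize) and the list of guardrails: a policy gate that sits between the support assistant and the account service. This is an added example, not Meta's code or anything the reporting describes; the action names, proof factors, watchlist and thresholds are hypothetical. The assistant can only request an action; the gate decides whether it runs, needs step-up proof, goes to a human, or is refused, and it never consults the ownership claim at all.

```python
# Added example (not Meta's code): a policy gate between a support assistant
# and the account service. The assistant may only *request* an action; this
# gate decides whether the action runs, needs step-up proof, goes to a human,
# or is refused. Action names, factor names and thresholds are hypothetical.
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"      # challenge a factor the real owner already holds
    ESCALATE = "escalate"    # human review; the assistant may not proceed
    DENY = "deny"


# Actions that change who can recover the account are control-plane actions.
HIGH_RISK_ACTIONS = {
    "change_recovery_email",
    "reset_password",
    "disable_2fa",
    "remove_account_lock",
}

# Proofs that bind the requester to the existing account, not to a claim.
STRONG_PROOFS = {"code_to_current_email", "totp", "passkey", "sms_to_current_phone"}

# Constructed watchlist standing in for a real "valuable handle" signal.
WATCHLIST = {"obama", "spaceforce", "france", "john"}


@dataclass
class SupportRequest:
    action: str
    handle: str
    channel: str                      # "support_chat" or "authenticated_session"
    completed_proofs: set = field(default_factory=set)
    claims_ownership: bool = False    # free-text assertion made to the assistant


@dataclass
class Outcome:
    decision: Decision
    reason: str


def is_high_value_handle(handle: str) -> bool:
    """Short or watchlisted handles have resale value and get extra scrutiny."""
    name = handle.lstrip("@").lower()
    return len(name) <= 5 or name in WATCHLIST


def decide(req: SupportRequest) -> Outcome:
    """Return what the account service should do with an assistant-originated request."""
    if req.action not in HIGH_RISK_ACTIONS:
        return Outcome(Decision.ALLOW, "not a recovery-path change")
    if req.channel not in ("support_chat", "authenticated_session"):
        return Outcome(Decision.DENY, "unknown channel")

    # claims_ownership is deliberately never consulted: a statement in chat
    # is evidence of nothing, which is the whole point of the incident.
    proven = req.completed_proofs & STRONG_PROOFS
    high_value = is_high_value_handle(req.handle)

    if not proven:
        if high_value:
            return Outcome(Decision.ESCALATE, "no strong proof on a high-value handle")
        return Outcome(Decision.STEP_UP, "no strong proof; challenge an existing factor")

    if req.channel == "support_chat" and high_value:
        return Outcome(Decision.ESCALATE, "proof given in chat; high-value handle needs human sign-off")
    return Outcome(Decision.ALLOW, f"proof via {sorted(proven)} on {req.channel}")


def reported_attack(handle: str) -> Outcome:
    """The pattern TechCrunch described: ownership asserted in chat, nothing proven."""
    return decide(SupportRequest(
        action="change_recovery_email",
        handle=handle,
        channel="support_chat",
        claims_ownership=True,
    ))


if __name__ == "__main__":
    for h in ("@maria", "@bentivegna", "@somelongcreatorname"):
        o = reported_attack(h)
        print(f"{h}: {o.decision.value} ({o.reason})")
```

The design choice worth noting is that the assistant's channel and the user's proofs are separate inputs: a proof completed inside an authenticated session is worth more than the same proof relayed through a chat, and a short or watchlisted handle never reaches ALLOW from the chat path without a human. The ownership claim field exists only so the assistant can log what the requester said; nothing in the decision reads it.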
For users, the available defenses are still worth using: strong passwords, two-factor authentication, updated recovery information, and careful monitoring of account emails. But this incident also shows the limit of user-side security. If the platform’s own recovery workflow can be manipulated, the user may have done everything right and still be exposed.
What To Watch Next
The unresolved questions are straightforward: how many accounts were affected, whether attacks continued after Meta’s first fix, and what authority Meta’s AI support systems now have over account recovery actions.
Meta does not need to reveal every technical detail to attackers, but creators and businesses need clarity about the security model. If AI support can perform sensitive recovery tasks, users should know what verification is required and what protections exist when a request targets a valuable or public account.
The broader issue is likely to return across consumer platforms. Companies are pushing AI into support because human support is expensive and slow. But account recovery is not a normal customer service ticket. It is the gate to identity, audience, revenue, and reputation. Automating it without strict guardrails turns convenience into an attack surface.