In December, Meta announced a new AI support assistant that it promised would make the account recovery process “faster and simpler” for people who were locked out of their Facebook or Instagram pages. Now, it looks like Meta may not have lived up to that promise.
The same Meta AI support assistant has apparently been used by hackers to hijack multiple Instagram accounts. According to security researchers, AI tools have made it extremely easy for hackers to take over accounts, even if they are protected by two-factor authentication.
The exploit was flagged over the weekend by several security researchers at X. Researchers said screenshots and videos showing the takeover in action, along with instructions on how to handle the accounts, were being widely circulated on Telegram. The images and video show that the hackers were able to get the AI support chatbot to change the email associated with their desired account and then request a password reset.
Meta has now addressed the issue, although it is unclear how many accounts were affected by this exploit before it was patched. according to 404 mediaUsers on Telegram have been discussing the vulnerability since March. When contacted for comment, Meta directed Engadget to a post on X from Andy Stone, vice president of communications. “The issue has been resolved and we are securing the affected accounts,” Stone said in response to an account that posted about the account takeover.
This issue has been resolved and we are securing the affected accounts.
– Andy Stone (@andymstone) June 1, 2026
Although Meta did not provide additional information about why its AI support tool would have such a large security vulnerability, it appears that the hackers discovered that Meta relies on the physical location of account holders to enable chatbot support. The now-patched exploit required hackers to use a VPN to pretend that their location matched the location of the person whose account they were targeting. neovin. “Our system recognizes the devices you commonly use and familiar locations better than ever before,” Meta wrote in its December blog post about the AI support tool.
Although we don’t officially know how many accounts were hijacked with the AI tool, the timing seems to coincide with a wave of hacks of high-profile accounts, including an account of the Obama White House. The account, which had not posted since 2017, posted an AI-generated image that translated to “The White House is under the control of Shiites,” according to tmz. Meta confirmed the hack to the outlet but did not provide details on how it was carried out or who might be behind it. Other accounts that have been caught in this exploit include those of beauty retailer Sephora and a high-ranking Space Force officer. 404 media.
<a href