Hackers Just Asked Meta AI for Instagram Accounts — It Said Yes

Hackers didn't break into a single high-profile Instagram account this week. They simply asked Meta's AI support bot to hand the accounts over — and, astonishingly, it did. The episode, which exploded across social media at the start of June 2026, is one of the most embarrassing AI security failures yet, and a blunt warning for every creator, brand and casual scroller in India who has handed their digital life to a single app.

The trick required no malware, no stolen password and no phishing email. It needed only a polite, plain-English request to a chatbot that had been given the keys to the kingdom. Here is exactly how the Meta AI Instagram takeover worked, why it matters far beyond a few celebrity handles, and the short checklist that would have stopped almost all of it.

What actually happened

In March 2026, Meta rolled out an AI-powered support assistant across Facebook and Instagram. The pitch was convenience: instead of waiting endlessly for human help, users could chat with a bot that could reset passwords, re-link email addresses and verify account ownership. For a platform notorious for being impossible to reach when you're locked out, it sounded like a fix.

Instead, it became the attack surface. According to reporting that surfaced on 1 June 2026, attackers discovered they could open a chat with the assistant and ask it to attach a brand-new email — one they controlled — to someone else's account. In one documented exchange, the request was as casual as telling the bot it was the owner and asking it to link a fresh email and send the code.

The bot, lacking any hard authentication checkpoint, complied. It fired off an eight-digit confirmation code and a password-reset link to the attacker's inbox. With the code in hand, the hacker reset the password and locked the real owner out — sometimes in a matter of minutes.

The 'confused deputy' flaw, in plain English

Security researchers have a name for this class of bug: the confused deputy. It's been known for decades. The idea is simple — a system that holds powerful privileges gets tricked into using them on a stranger's behalf, because it can't tell whose request it's really serving.

Think of a hotel front desk with a master key. If the clerk hands the master key to anyone who walks up and says "room 412 is mine," the lock on the door is irrelevant. The Meta assistant was exactly that clerk. It had API access to sensitive account-management functions, but no deterministic, machine-verified proof that the person typing was the genuine owner.

What makes the AI version worse is the human instinct to be helpful. Natural-language bots are tuned to satisfy requests, not to suspect them. A login form is dumb but rigid; a chatbot is flexible — and that flexibility is precisely what the attackers weaponised.

Whose accounts fell

The targets weren't random teenagers' profiles. Reports indicate the hackers reached genuinely high-value handles, including:

• The dormant Obama-era White House Instagram account, inactive since early 2017.
• The account of cosmetics giant Sephora.
• The profile of a senior US Space Force official, the service's top enlisted leader.
• A clutch of short, coveted "OG" usernames, some reportedly valued together at over $1 million.

According to media reports, hundreds of high-profile accounts may have been compromised, with stolen usernames listed for resale on dark-web and Telegram channels almost as fast as they were seized. The speed of the resale market is part of the story: rare handles are a currency, and a takeover that takes minutes feeds a black market that moves in seconds.

Why this matters for India

India is among Instagram's largest markets on the planet, with a creator economy that now pays real salaries, brand deals and rent. For an influencer with a few hundred thousand followers, the account isn't a hobby — it's the business. Losing it isn't an inconvenience; it's an income shutting off overnight.

The deeper worry is structural. Indian users have repeatedly complained that when something goes wrong on Meta's platforms, there is no human to escalate to. The AI assistant was sold as the answer to that gap. This incident flips the promise on its head: the very tool meant to help recover accounts became the doorway to steal them, and a hijacked user may find the only "support" available is the same bot that let the attacker in.

There is also a broader lesson playing out globally and in India: handing autonomous AI agents real-world powers — to move money, change settings, reset credentials — without rigid guardrails is a gamble. The convenience is seductive. The blast radius, as this week showed, can be enormous.

How the attack was beaten — and how you beat it

Here's the encouraging part. According to reports, accounts protected by two-factor authentication (2FA) — even basic SMS codes — largely shrugged the attack off. The extra checkpoint was enough to break the automated takeover chain. That single fact is your action plan.

If you do nothing else after reading this, do these:

1. Turn on two-factor authentication. In Instagram, go to Settings → Accounts Centre → Password and Security → Two-factor authentication. Switch it on for every profile you own.
2. Prefer an authenticator app over SMS. Apps like an authenticator generate codes offline and resist SIM-swap fraud, which is rampant in India.
3. Set up a unique, strong password you don't reuse anywhere else, ideally via a password manager.
4. Check your linked email and phone regularly. If an unfamiliar email suddenly appears on your account, treat it as an emergency.
5. Save your backup/recovery codes somewhere offline, so a lockout doesn't leave you at the mercy of a bot.
6. Be sceptical of any "support" chat that asks you to share a code. A real recovery flow never needs you to read a code to a third party.

What Meta said, and what comes next

Meta has moved to contain the damage. The company says it fixed the issue that allowed an external party to request password-reset emails for some users, insists there was no breach of its core systems, and maintains that people's accounts remain secure. A company communications executive confirmed the flaw has been resolved and that affected accounts are being secured, and Instagram has begun alerting users who were targeted during the chatbot attacks.

What remains unclear is the true scale — how many accounts were touched, how many were sold, and how many owners are still fighting to get back in. Expect regulators and security researchers worldwide to scrutinise how a support bot was handed account-altering powers without a hard identity check in front of it.

The takeaway is bigger than one platform. As companies race to bolt AI onto everything from banking to social media, the confused deputy is no longer a textbook footnote — it's a live, exploitable weakness. The fix isn't smarter chat; it's dumber, stricter rules around what an AI is allowed to do on your behalf. Until that's standard, the most powerful security tool you own is the boring toggle marked two-factor authentication. Go switch it on.