How Hackers Duped Meta AI Support to Steal Celebrity Instagram Accounts: What Every User Needs to Know
Quick Answer: Cybercriminals exploited a logic flaw in Meta’s AI support chatbot to change the recovery email addresses linked to high-profile Instagram accounts and obtain password reset links without the identity checks that normally gate account recovery. They used VPNs to spoof their geographic location, so the AI treated fraudulent requests as legitimate. Meta patched the flaw in late May 2026, but not before several notable accounts were compromised and short-handle usernames were reportedly sold for over $1 million combined. Accounts with multi-factor authentication enabled were reportedly not affected.
Key Takeaways
- Hackers manipulated Meta’s AI support chatbot into sending password reset emails to attacker-controlled addresses, without the 2FA check that normally gates a reset [1][4]
- VPNs were used to match the victim’s apparent geographic location, making the support requests look legitimate to the AI system [3]
- Compromised accounts included the Obama-era White House handle, Sephora’s official page, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna [2]
- The exploit had been circulating in hacking communities since at least March 2026 before Meta patched it in late May 2026 [3]
- Short-handle usernames like @hey and @jowo were reportedly sold on Telegram for over $1 million combined [4]
- Accounts with multi-factor authentication (MFA) enabled were not vulnerable to this exploit [5]
- Meta confirmed the flaw has been fixed and stated there was no broader breach of its systems [4]
- AI-driven customer support systems carry real security risks when deployed without strong identity verification safeguards [6]
- Users should enable MFA immediately and monitor their registered email addresses for unexpected account activity

How Did Hackers Trick the Meta AI Support Chatbot?
Hackers found that Meta’s AI support chatbot could be manipulated into changing the recovery email address on an Instagram account without the account owner’s confirmation. With the recovery address under their control, they could then trigger a standard password reset and lock the real owner out.
The technical oversight was straightforward but damaging. The AI support assistant relied heavily on location-based signals to decide whether a support request was legitimate. Attackers defeated this check by using VPNs to spoof their geographic location, making the AI believe the request came from the same region as the account holder [8]. Once the location check passed, the chatbot processed the email change without any further identity verification.
This is a classic example of what security professionals call a business logic flaw rather than a memory-corruption or injection bug. The system worked exactly as programmed; the design simply treated a spoofable context signal (location) as proof of identity and didn’t account for adversarial use.
Key steps attackers followed:
- Identified a high-value target Instagram account
- Used a VPN to match the target’s approximate geographic location
- Contacted Meta’s AI support chatbot, posing as the account owner
- Requested an email address change on the account
- Triggered a password reset to the new, attacker-controlled email
- Gained full account access without ever knowing the original password; per the cited reporting, accounts with MFA enabled were not affected [5]
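To make the flaw concrete, here is an added example in Python. It is not Meta’s code; the record layouts, country codes, session tokens and the three decision outcomes are assumptions for illustration. It puts the vulnerable pattern, a geographic-consistency check treated as proof of identity, beside a hardened decision function that treats location only as a risk signal and requires something the requester must actually possess (here a valid authenticated session) before a recovery-email change is allowed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    username: str
    home_country: str        # inferred from the owner's usual login geolocation
    recovery_email: str


@dataclass(frozen=True)
class SupportRequest:
    claimed_username: str
    new_email: str
    client_country: str      # geolocated from the requester's IP; trivially set by a VPN
    session_token: Optional[str] = None   # present only if the requester holds a real session


def vulnerable_authorize(req: SupportRequest, acct: Account) -> bool:
    """The flawed pattern: a context signal (geographic consistency) is treated as
    proof of identity. Nothing checked here is something only the owner can produce."""
    return (req.claimed_username == acct.username
            and req.client_country == acct.home_country)


def hardened_decide(req: SupportRequest, acct: Account, valid_sessions: set) -> str:
    """Returns 'allow', 'step_up' or 'deny'. Geolocation is only a risk signal: it can
    raise the bar (step_up) but never satisfy it. Only proof of possession (a valid
    session here; an out-of-band confirmation to the existing recovery address would
    also qualify) allows the sensitive action."""
    if req.claimed_username != acct.username:
        return "deny"
    if req.session_token is None or req.session_token not in valid_sessions:
        return "step_up"          # route to out-of-band confirmation, never act directly
    if req.client_country != acct.home_country:
        return "step_up"          # authenticated but anomalous: ask for more, don't refuse
    return "allow"


# Constructed sample data for the demonstration.
VICTIM = Account("shorthandle", "US", "owner@example.com")
VALID_SESSIONS = {"sess-owner-7f3a"}
# Attacker behind a VPN exit node in the victim's home country, no session at all.
ATTACKER = SupportRequest("shorthandle", "attacker@example.net", client_country="US")
# Owner from an authenticated app session at home.
OWNER_HOME = SupportRequest("shorthandle", "owner-new@example.com", "US", "sess-owner-7f3a")
# Owner travelling: authenticated but geographically inconsistent.
OWNER_ABROAD = SupportRequest("shorthandle", "owner-new@example.com", "FR", "sess-owner-7f3a")


def demo() -> dict:
    return {
        "attacker_vulnerable": vulnerable_authorize(ATTACKER, VICTIM),   # True: the flaw
        "attacker_hardened": hardened_decide(ATTACKER, VICTIM, VALID_SESSIONS),
        "owner_home_hardened": hardened_decide(OWNER_HOME, VICTIM, VALID_SESSIONS),
        "owner_abroad_hardened": hardened_decide(OWNER_ABROAD, VICTIM, VALID_SESSIONS),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the hardened variant is not the session check itself but the shape of the decision: the spoofable signal can only ever move a request toward more verification, and the one path to `allow` runs through something the attacker cannot obtain by adjusting their network location.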
What Exactly Happened: Which Celebrity and Verified Accounts Were Stolen?
Several high-profile Instagram accounts were compromised before Meta closed the vulnerability. Confirmed targets included the Obama-era White House Instagram handle, the official Sephora account, and the personal account of U.S. Space Force Chief Master Sergeant John Bentivegna [2].
Beyond these named accounts, multiple users on Reddit and X reported unauthorized access to their Instagram profiles during the same period, suggesting the exploit was used more broadly than the headline cases alone [1]. The attack was not random. Cybercriminals specifically targeted accounts with short, memorable usernames, verified status, or large followings because these carry the highest resale value.
Short-handle usernames like @hey and @jowo were stolen and reportedly sold on Telegram for a combined total exceeding $1 million [4]. Verified “blue check” accounts were especially attractive because they carry built-in credibility, making them useful for scams, impersonation, or resale.
Can Meta AI Be Hacked Easily, and Are Verified Accounts at Greater Risk?
The Meta AI support chatbot was not hacked in the traditional sense. No one broke into Meta’s servers. Instead, cybercriminals manipulated the chatbot’s own logic by feeding it false context, specifically a spoofed location via VPN, to make fraudulent requests appear legitimate [8].
Verified and high-follower accounts face a higher level of targeting for two reasons:
- Financial value: Premium usernames and verified accounts sell for thousands to millions of dollars on black markets and Telegram channels [4]
- Trust exploitation: A verified account can be used to run convincing scams, phishing campaigns, or fraudulent promotions before the takeover is detected
That said, any Instagram account without MFA enabled was technically vulnerable during the window the exploit was active. Verification status increased the motivation to attack, not the ease of attack.
How Much Are Stolen Instagram Accounts Worth on the Black Market?
The value of a stolen Instagram account varies significantly based on follower count, username length, verification status, and niche. Short handles (one to four characters) are the most valuable because they are scarce and signal prestige.
| Account Type | Estimated Black Market Value |
|---|---|
| Short handle (1-4 chars), e.g., @hey | $500,000 or more |
| Verified celebrity or brand account | $10,000 to $500,000+ |
| Large unverified account (1M+ followers) | $1,000 to $50,000 |
| Mid-size niche account (100K followers) | $500 to $5,000 |
| Standard personal account | $50 to $500 |
The @hey and @jowo handles stolen in this incident reportedly sold for over $1 million combined on Telegram [4]. These figures explain why cybercriminals invest time in developing and sharing exploit methods within underground communities.
What Methods Do Cybercriminals Use to Steal Verified Accounts?
This Meta AI exploit is one method among many. Security researchers and law enforcement have documented several common techniques:
- AI chatbot manipulation: Exploiting gaps in AI support logic, as in this incident, to change account credentials without proper identity checks [6]
- SIM swapping: Convincing a mobile carrier to transfer a victim’s phone number to a criminal-controlled SIM, then using it to bypass SMS-based 2FA
- Phishing: Sending fake login pages via email or direct message to capture credentials
- Credential stuffing: Using leaked username/password combinations from other data breaches to attempt logins across platforms
- Social engineering of human support agents: Manipulating customer service staff directly, a tactic that AI systems were meant to reduce but have not eliminated
The common thread across all these methods is that they target the weakest link in the authentication chain, the identity-verification and recovery process, rather than the cryptography or core security infrastructure.
How Do Hackers Exploit Customer Support Systems?
Customer support systems, whether human or AI, are a high-value target for cybercriminals because they are designed to be helpful. That helpfulness becomes a vulnerability when identity verification is weak.
In Meta’s case, the AI support chatbot was authorized to perform sensitive account actions, including changing recovery email addresses, without requiring the user to confirm the change through a second channel [1]. The system trusted location data as a primary verification signal, and VPNs made that signal easy to fake [3].
“We fixed an issue that allowed an external party to request password reset emails for some Instagram users. There was no breach of our systems and people’s Instagram accounts remain secure.” — Meta’s official statement [4]
Human support agents face similar manipulation through social engineering, but AI systems can be exploited at scale, simultaneously, by multiple attackers, which amplifies the damage potential significantly [6].
Are VPNs Effective Against These Kinds of Hacks?
VPNs were the tool attackers used to carry out the exploit, not a defense against it.
Attackers used VPNs to spoof their geographic location, matching the apparent location of the target account holder. This tricked the Meta AI chatbot into treating the fraudulent request as geographically consistent with the real account owner [3][8].
For regular users, a VPN does not protect against this type of attack because the vulnerability was on Meta’s side, not in the user’s connection. A VPN masks your IP address and encrypts your traffic as far as the VPN provider, which is useful for privacy and for resisting interception on untrusted networks such as public Wi-Fi. It does nothing to stop a third party from contacting a platform’s support system and impersonating you.
What actually protects against this type of attack:
- Multi-factor authentication (MFA) using an authenticator app, not SMS
- A recovery email address that is unique and not publicly associated with your identity
- Regularly auditing the email and phone number linked to your account
What Are the Signs Your Instagram Account Might Be Compromised?
Catching account theft early limits the damage. Watch for these warning signs:
- An email from Instagram confirming a change to your recovery email that you did not request
- A password reset email you did not initiate
- Inability to log in with your correct password
- Unfamiliar login activity in your account’s security settings (Settings > Security > Login Activity)
- Posts, stories, or messages sent from your account that you did not create
- Followers or following counts changing unexpectedly
- Reports from contacts that they received suspicious messages from your account
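As an added example (not an Instagram feature; the record schema, the sample events and the one-hour threshold below are constructed for this illustration), the following Python triage script applies the signs above to an exported login history: it flags logins from devices or countries absent from a baseline, and flags recovery-email changes or reset requests that were not preceded by a session from a known device. Note that the constructed attacker events carry the victim’s home country, exactly what a VPN exit node would produce, which is why the script keys on the recovery events themselves and on unknown devices rather than on geography alone.

```python
from datetime import datetime, timedelta

# Events that change how an account can be recovered; these deserve review on their own.
RECOVERY_EVENTS = {"recovery_email_changed", "password_reset_requested", "password_changed"}
# Assumed threshold: how recently the owner must have been active on a known device
# for a recovery event to be treated as self-initiated.
OWNER_ACTIVITY_WINDOW = timedelta(hours=1)

# Constructed sample history (the schema is an assumption, not Instagram's export format).
BASELINE_EVENTS = [
    {"ts": "2026-05-01T09:12:00", "event": "login", "device": "iPhone15,3", "country": "US"},
    {"ts": "2026-05-10T18:40:00", "event": "login", "device": "iPhone15,3", "country": "US"},
    {"ts": "2026-05-14T08:05:00", "event": "login", "device": "MacBook-Safari", "country": "US"},
]
NEW_EVENTS = [
    {"ts": "2026-05-20T21:02:00", "event": "login", "device": "iPhone15,3", "country": "US"},
    # Attacker-driven events: the support bot acted, and the country matches the
    # owner's because the attacker sat behind a VPN exit node in that country.
    {"ts": "2026-05-22T03:17:00", "event": "recovery_email_changed", "device": "support-bot", "country": "US"},
    {"ts": "2026-05-22T03:19:00", "event": "password_reset_requested", "device": "support-bot", "country": "US"},
    {"ts": "2026-05-22T03:25:00", "event": "login", "device": "Android-Chrome", "country": "US"},
]


def _ts(rec: dict) -> datetime:
    return datetime.fromisoformat(rec["ts"])


def build_baseline(events: list) -> tuple:
    """Known devices and countries, taken from the owner's prior logins only."""
    logins = [e for e in events if e["event"] == "login"]
    return {e["device"] for e in logins}, {e["country"] for e in logins}


def triage(baseline_events: list, new_events: list) -> list:
    known_devices, known_countries = build_baseline(baseline_events)
    events = sorted(new_events, key=_ts)
    history = list(baseline_events)      # grows as we walk the new events
    recovery_times = []
    flagged = []
    for e in events:
        t, reasons = _ts(e), []
        if e["event"] == "login":
            if e["device"] not in known_devices:
                reasons.append("login from unknown device")
            if e["country"] not in known_countries:
                reasons.append("login from unknown country")
            # The baseline is deliberately NOT updated from new events: an attacker's
            # device must not become "known" simply by logging in.
            if e["device"] not in known_devices and any(
                timedelta(0) <= t - r <= OWNER_ACTIVITY_WINDOW for r in recovery_times
            ):
                reasons.append("unknown device logged in shortly after a recovery change")
        elif e["event"] in RECOVERY_EVENTS:
            recovery_times.append(t)
            owner_active = any(
                h["event"] == "login" and h["device"] in known_devices
                and timedelta(0) <= t - _ts(h) <= OWNER_ACTIVITY_WINDOW
                for h in history
            )
            if not owner_active:
                reasons.append(f"{e['event']} with no recent session from a known device")
        history.append(e)
        if reasons:
            flagged.append({"ts": e["ts"], "event": e["event"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(BASELINE_EVENTS, NEW_EVENTS):
        print(hit["ts"], hit["event"], "; ".join(hit["reasons"]))
```

The same rules transfer directly to a SIEM: a recovery-channel change with no recent owner session, followed within minutes by a first-seen device, is the account-takeover sequence regardless of which country the requests appear to come from.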
If any of these occur, act immediately. Do not wait to see if it resolves on its own.
What Should You Do If Your Instagram Account Gets Stolen?
Speed matters. The longer an attacker controls an account, the more damage they can do and the harder recovery becomes.
Immediate steps:
- Go to the Instagram login page and select “Forgot password”
- Use the original email or phone number linked to the account to request a reset
- Check that original email inbox for a recovery link from Instagram
- If the recovery email has already been changed, use Instagram’s “Need more help?” option and follow the identity verification process
- Report the account as hacked directly to Meta through the Help Center
- Alert your followers that your account has been compromised so they do not engage with fraudulent content
- After recovery, immediately enable MFA using an authenticator app and update your recovery email
Meta spokesperson Andy Stone confirmed the company is actively securing accounts impacted by this specific exploit [7].
What Security Steps Is Meta Taking to Prevent Future Support Chatbot Manipulation?
Meta patched the specific vulnerability in late May 2026, closing the window that allowed the email address change exploit [3]. The company stated that no broader system breach occurred and that the fix has been deployed [4].
Beyond this patch, the incident has prompted broader industry discussion about the risks of assigning sensitive account actions to AI systems without layered identity verification. Security experts argue that any AI support system capable of changing account credentials should require at least one of the following before acting:
- Confirmation from the existing registered email or phone number
- A biometric or device-based verification step
- A mandatory delay period with a cancellation window sent to the original contact method
Meta has not publicly detailed whether these additional safeguards are being implemented, but the incident has made clear that AI-driven support carries real risk when deployed without adequate checks [5][6].
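The safeguards above can be enforced at the tool boundary rather than in the model’s prompt, so the chatbot can at most request a change. The following is an added example in Python; it is not Meta’s implementation and not a disclosed detail of its fix, and the gateway class, the 24-hour window, the in-memory outbox standing in for a mail sender and the message formats are assumptions. It combines the first and third safeguards: a confirmation token and a cancellation link go only to the existing recovery address, and the change is applied only after confirmation and after the cancellation window has elapsed.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy value: the owner has this long to cancel via the old address.
CANCEL_WINDOW_SECONDS = 24 * 3600


@dataclass
class PendingChange:
    username: str
    old_email: str
    new_email: str
    token: str            # confirmation/cancellation secret, delivered only to old_email
    requested_at: float
    confirmed: bool = False
    cancelled: bool = False


class RecoveryEmailGateway:
    """Tool boundary between the support chatbot and the account store. The model
    can call request_change(); nothing it says can make the gateway skip the
    confirmation or the cancellation window."""

    def __init__(self, emails: dict, clock=time.time):
        self.emails = dict(emails)     # username -> current recovery email
        self.pending = {}
        self.outbox = []               # (recipient, message): stand-in for a mail sender
        self.clock = clock

    def request_change(self, username: str, new_email: str) -> str:
        old = self.emails[username]
        token = secrets.token_urlsafe(24)
        self.pending[username] = PendingChange(username, old, new_email, token, self.clock())
        # Both links go to the EXISTING address. The requester never sees the token,
        # so a spoofed location or a persuasive chat transcript buys nothing.
        self.outbox.append((old, f"confirm-link new={new_email} token={token}"))
        self.outbox.append((old, f"cancel-link token={token}"))
        return "pending"               # deliberately not the token

    def _lookup(self, username: str, token: str):
        pc = self.pending.get(username)
        if pc is None or not hmac.compare_digest(pc.token, token):
            return None
        return pc

    def confirm(self, username: str, token: str) -> bool:
        pc = self._lookup(username, token)
        if pc is None or pc.cancelled:
            return False
        pc.confirmed = True
        return True

    def cancel(self, username: str, token: str) -> bool:
        pc = self._lookup(username, token)
        if pc is None:
            return False
        pc.cancelled = True
        return True

    def apply_due_changes(self) -> list:
        """Applies changes that are confirmed AND past the cancellation window;
        drops cancelled ones and unconfirmed ones that have aged out."""
        applied, now = [], self.clock()
        for user, pc in list(self.pending.items()):
            aged_out = now - pc.requested_at >= CANCEL_WINDOW_SECONDS
            if pc.cancelled or (aged_out and not pc.confirmed):
                del self.pending[user]
            elif pc.confirmed and aged_out:
                self.emails[user] = pc.new_email
                applied.append(user)
                del self.pending[user]
        return applied


def simulate() -> dict:
    class Clock:                       # controllable clock so the window can be advanced
        now = 1_700_000_000.0
    gw = RecoveryEmailGateway({"shorthandle": "owner@example.com"}, clock=lambda: Clock.now)

    # 1. Attacker talks the chatbot into requesting a change to their own address.
    gw.request_change("shorthandle", "attacker@example.net")
    guess_ok = gw.confirm("shorthandle", "not-the-real-token")
    immediate = gw.apply_due_changes()
    # 2. Owner sees the notice in the real mailbox and clicks cancel.
    cancel_token = gw.outbox[-1][1].split("token=")[1]
    cancelled = gw.cancel("shorthandle", cancel_token)
    Clock.now += CANCEL_WINDOW_SECONDS + 1
    after_window = gw.apply_due_changes()
    attacker_result = gw.emails["shorthandle"]

    # 3. Legitimate change: owner confirms from the old mailbox and waits out the window.
    gw.request_change("shorthandle", "owner-new@example.com")
    confirm_token = gw.outbox[-2][1].split("token=")[1]
    confirmed = gw.confirm("shorthandle", confirm_token)
    too_early = gw.apply_due_changes()
    Clock.now += CANCEL_WINDOW_SECONDS + 1
    applied = gw.apply_due_changes()
    return {
        "guess_ok": guess_ok, "immediate": immediate, "cancelled": cancelled,
        "after_window": after_window, "attacker_result": attacker_result,
        "confirmed": confirmed, "too_early": too_early, "applied": applied,
        "final_email": gw.emails["shorthandle"],
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The design choice worth copying is that the gateway returns nothing the requester can act on: the model’s output cannot carry the token, the pending record is not applied by any path other than the timer, and the only party who can short-circuit the process is the holder of the old mailbox, who can only cancel.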

How to Protect Your Instagram from Social Engineering and AI Exploit Attacks
Accounts with MFA enabled were not affected by this exploit [5]. That single fact is the most actionable takeaway from this entire incident.
Steps to secure your Instagram account in 2026:
- Enable MFA with an authenticator app (Google Authenticator, Authy) rather than SMS, which is vulnerable to SIM swapping
- Use a dedicated recovery email that is not publicly listed anywhere and is protected by its own strong password and MFA
- Review authorized apps regularly under Settings > Security > Apps and Websites and revoke any you do not recognize
- Set a strong, unique password that is not reused on any other platform
- Check login activity monthly for unrecognized devices or locations
- Do not share account credentials with third-party growth or management services
A VPN alone will not protect you from this type of attack, but using one on public networks does reduce your exposure to credential interception through other means.
FAQ
Did Meta’s systems get hacked in this incident?
No. Meta confirmed there was no breach of its systems. Attackers exploited a logic flaw in the AI support chatbot’s identity verification process rather than breaking into Meta’s servers [4].
Which accounts were confirmed as compromised?
The Obama-era White House Instagram handle, Sephora’s official account, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna were among the confirmed targets [2].
How long was the vulnerability active before Meta fixed it?
The exploit had been circulating in hacking communities since at least March 2026. Meta patched it in late May 2026 [3].
Would two-factor authentication have prevented this attack?
Yes. Accounts with MFA enabled were not affected by this exploit. Enabling MFA is the single most effective protection against this type of attack [5].
How did attackers use VPNs in this exploit?
Attackers used VPNs to spoof their geographic location to match that of the target account holder, making the AI chatbot treat the fraudulent support request as geographically consistent and therefore legitimate [3][8].
Can I get my account back if it was stolen this way?
Yes, in most cases. Use Instagram’s “Forgot password” flow first. If your recovery email was already changed, use the “Need more help?” identity verification option. Meta is also actively assisting impacted accounts [7].
Are verified “blue check” accounts more at risk?
They face higher targeting motivation because verified accounts carry greater resale value and credibility for running scams. The technical vulnerability applied equally to all accounts without MFA [2].
What is the black market value of a stolen Instagram account?
It varies widely. Short handles and verified accounts can sell for hundreds of thousands of dollars. The @hey and @jowo handles stolen in this incident reportedly sold for over $1 million combined on Telegram [4].
Does a VPN protect me from this type of attack?
No. A VPN protects your connection privacy but does not prevent a third party from contacting Meta’s support system and impersonating you. MFA and a secure recovery email are the effective defenses here.
What should I do right now to protect my Instagram account?
Enable MFA using an authenticator app, set a unique recovery email, review your linked apps, and check your login activity for anything unfamiliar.
Conclusion
The Meta AI support chatbot exploit is a clear signal that AI-powered customer service, while efficient and scalable, introduces new categories of risk when deployed without layered identity verification. Cybercriminals did not need advanced hacking skills. They needed a VPN, a target, and a chatbot willing to process a request it should have rejected.
The benefits of AI in security and support are real: faster response times, 24/7 availability, and reduced load on human agents. But those benefits collapse when the AI can be socially engineered just as easily as a human agent, and at far greater scale.
Actionable next steps for every Instagram user:
- Enable MFA with an authenticator app today, not SMS
- Verify that your recovery email is current, secure, and not publicly associated with your name
- Check your account’s login activity and remove any unrecognized sessions
- Set a unique password not used on any other platform
- Report any suspicious account activity to Meta immediately through the Help Center
For businesses and platforms deploying AI support tools: require multi-channel identity confirmation before allowing any credential changes, build in mandatory delay periods with cancellation windows, and treat your AI chatbot’s permissions with the same scrutiny you would apply to a human support agent.
References
[1] TechCrunch, 1 June 2026, “Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access” – https://techcrunch.com/2026/06/01/hackers-hijacked-instagram-accounts-by-tricking-meta-ai-support-chatbot-into-granting-access/?utm_source=openai
[2] MacRumors, 1 June 2026, “Meta AI Instagram attack” – https://www.macrumors.com/2026/06/01/meta-ai-instagram-attack/?utm_source=openai
[3] Dataconomy, 2 June 2026, “Meta AI support exploit: Instagram account takeovers” – https://dataconomy.com/2026/06/02/meta-ai-support-exploit-instagram-account-takeovers/?utm_source=openai
[4] TechRadar, “Meta patches flaw that allowed Meta AI support bot to hand out password reset links without 2FA” – https://www.techradar.com/pro/security/meta-patches-flaw-that-allowed-metaai-support-bot-to-hand-out-password-reset-links-without-2fa?utm_source=openai
[5] Ars Technica, June 2026, “Meta AI support chatbot gave hackers access to notable Instagram accounts” – https://arstechnica.com/ai/2026/06/meta-ai-support-chatbot-gave-hackers-access-to-notable-instagram-accounts/?utm_source=openai
[6] Mega Mobile Content, 2 June 2026, “Meta AI chatbot exploited in Instagram account takeover” – https://www.megamobilecontent.com/news/2026/06/02/meta-ai-chatbot-exploited-instagram-account-takeover/?utm_source=openai
[7] Anews, 2 June 2026, “Meta fixes massive AI assistant vulnerability after hackers seize Instagram accounts” – https://www.anews.com.tr/tech/2026/06/02/meta-fixes-massive-ai-assistant-vulnerability-after-hackers-seize-instagram-accounts/amp?utm_source=openai
[8] TechSpot, “Hackers tricked Meta AI chatbot into handing over Instagram accounts” – https://www.techspot.com/news/112614-hackers-tricked-meta-ai-chatbot-handing-over-instagram.html?utm_source=openai
