Multiple Instagram users are reporting that their accounts were hijacked after cybercriminals allegedly manipulated Meta’s AI-powered account recovery tools into believing they were the real owners. The incidents are raising serious concerns about the growing reliance on artificial intelligence for customer support and account security.
Several high-profile and rare Instagram accounts were reportedly compromised this week, including accounts previously associated with the Obama White House social media team, app researcher Jane Manchun Wong, and valuable usernames such as @hey and @korn. Many victims claimed they had enabled two-factor authentication (2FA) and completed identity verification steps, yet attackers still managed to gain access.
According to reports from affected users, attackers abused Meta’s automated recovery process by triggering Instagram’s “forgot password” feature and convincing the platform’s AI support assistant that they were legitimate account holders. In some cases, threat actors allegedly used publicly available profile photos to generate AI-created selfie videos capable of bypassing Meta’s facial verification system.
Users claim the AI-powered verification process failed to distinguish between a real person and an AI-generated animation. Once the attacker passed the verification step, they were able to change the email address tied to the account and initiate a password reset, effectively locking the original owner out completely.
Victims also described major frustrations with Meta’s customer support system, saying they were trapped in endless chatbot loops with no access to human representatives. Some users reported spending hours attempting to recover their accounts, only to receive broken links or automated responses that failed to resolve the issue.
One impacted account owner said the situation highlights a dangerous trend where artificial intelligence is replacing human support without reliable safeguards in place. The user described the experience as “one AI stealing the account while another AI fails to fix it.”
Security researchers and online investigators also noted that some attackers may have used VPN services to mimic the victim’s geographic location, helping them avoid additional security checks that could have flagged suspicious logins.
Rare Instagram usernames and one-letter accounts are highly valuable on underground marketplaces, often selling for tens of thousands of dollars. This makes them prime targets for cybercriminals looking to exploit weaknesses in automated support systems.
While Meta has not released a full public statement about the attacks, company communications executive Andy Stone stated on social media that the issue had been resolved and that impacted accounts were being secured.
The incident is fueling broader concerns about the future of AI-powered customer support. While companies continue pushing automation to reduce costs and improve efficiency, critics warn that removing human interaction from sensitive security processes could leave users powerless when systems fail. As AI becomes more deeply integrated into authentication and recovery workflows, cybersecurity experts warn that attackers will continue looking for ways to manipulate those systems faster than companies can defend them.