
Hackers spent the past weekend taking over Instagram accounts, and they did not have to steal a single password the hard way. They asked Meta’s own AI support bot to help, and it helped them.
The story was first reported by 404 Media, whose reporter Jason Koebler summed up the lesson in a line: the exploit shows the extreme risk of offloading technical support to AI. The targets were not weak accounts. They included the archived Obama White House handle, dormant since January 2017 and still carrying about 2.4 million followers, and the account of the US Space Force’s senior enlisted leader, Chief Master Sergeant John Bentivegna. The reverse-engineering researcher Jane Manchun Wong said her own account was taken too. Several hijacked profiles were briefly defaced with pro-Iranian images.
How the attack worked
The method, confirmed by TechCrunch after it reviewed a video of the exploit, was almost insultingly simple.
An attacker first switched on a VPN to appear in the target’s region, which avoided Instagram’s automatic location alarms. They then opened Meta’s AI Support Assistant and asked it to add a new email address to the victim’s account. The bot sent an eight-digit verification code. The problem is that it sent that code to the new email the attacker had just supplied. The attacker read the code back to the bot, the bot offered a “Reset Password” button, and the account was gone.
At no point did the attacker need the victim’s real email, a phishing link, or any malware. The flaw was not clever hacking. It was an AI agent that treated whoever it was chatting with as the rightful owner, and never properly checked. One thing did stop it. By most accounts the trick only worked on accounts that had no two-factor authentication. Accounts with 2FA switched on were reportedly not taken. That single setting was the difference between a close call and a lost account.
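The verification mistake described above, modelled as an added example (this is not Meta's code and is not taken from the report): a toy account-email-change flow in the flawed shape, where the confirmation code goes to whatever address the requester just typed in, next to a hardened flow that sends the code to the contact already on the account and refuses to proceed without the second factor when 2FA is on. The `Account`, `Outbox` and function names, and the `example.invalid` addresses, are assumptions made for the illustration; the eight-digit code format follows the article.

```python
"""Constructed model of an email-change flow with a support-bot style flaw.
Not Meta's code: every name here is an assumption for illustration."""
from dataclasses import dataclass, field
import hmac
import secrets


@dataclass
class Account:
    handle: str
    email: str                                   # currently verified contact
    two_factor: bool = False
    pending: dict = field(default_factory=dict)  # new_email -> expected code


class Outbox:
    """Stand-in for an email gateway: records which address got which code."""
    def __init__(self):
        self.sent = []                           # list of (address, code)

    def send(self, address, code):
        self.sent.append((address, code))


def new_code():
    # Eight-digit numeric code, as described in the article.
    return f"{secrets.randbelow(10 ** 8):08d}"


def start_change_flawed(acct, new_email, outbox):
    """Vulnerable shape: the code is mailed to the address the requester
    supplied, so reading it back proves nothing about who owns the account."""
    code = new_code()
    acct.pending[new_email] = code
    outbox.send(new_email, code)


def start_change_hardened(acct, new_email, outbox, second_factor_ok):
    """Hardened shape: require the second factor when 2FA is enabled, then
    mail the code to the existing contact so only its holder can finish."""
    if acct.two_factor and not second_factor_ok:
        raise PermissionError("second factor required before contact changes")
    code = new_code()
    acct.pending[new_email] = code
    outbox.send(acct.email, code)                # existing address, not the new one


def confirm_change(acct, new_email, supplied_code):
    """Complete the change only with the exact pending code; one use only."""
    expected = acct.pending.pop(new_email, None)
    if expected is None or not hmac.compare_digest(expected, supplied_code):
        return False
    acct.email = new_email
    return True


def codes_visible_to(outbox, address):
    """Everything someone who controls only `address` can read from the mail."""
    return [code for (to, code) in outbox.sent if to == address]


def simulate_takeover(use_hardened):
    """Requester controls only a fresh mailbox, never the victim's contact.
    Returns True if the email on the account ends up changed."""
    victim = Account("victim_handle", "owner@example.invalid")
    outbox = Outbox()
    newcomer = "newcomer@example.invalid"
    if use_hardened:
        start_change_hardened(victim, newcomer, outbox, second_factor_ok=False)
    else:
        start_change_flawed(victim, newcomer, outbox)
    # The requester can only read back codes that reached their own inbox.
    return any(confirm_change(victim, newcomer, c)
               for c in codes_visible_to(outbox, newcomer))


def change_blocked_without_second_factor(acct, new_email):
    """True if the hardened flow refuses a 2FA account lacking the step-up."""
    try:
        start_change_hardened(acct, new_email, Outbox(), second_factor_ok=False)
    except PermissionError:
        return True
    return False
```

The flawed and hardened versions differ by one line, the `outbox.send` target, plus the 2FA check. That is the whole design point: a code proves possession of wherever it was sent, so sending it to the new address verifies only that the requester owns the new address, which is exactly what an impostor already has.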
Is it actually fixed?
Meta says yes. On 1 June, Instagram spokesperson Andy Stone said the issue had been resolved and that the company was securing impacted accounts. He also knocked down a separate, false claim that was spreading fast. Nikita Bier, who is Head of Product at X and so works for Meta’s direct rival, posted that the private messages of world leaders had been made public, then deleted the posts. Stone called that claim “totally false.”
Security researchers are less sure the danger has passed. The threat-intelligence group vx-underground said on 2 June that the fix was incomplete and that accounts were still being stolen. Others report that theft of rare, high-value handles remains active. Meta has not said publicly how many users were affected.
There is a reason this matters beyond one weekend. We already explained what it meant when Meta switched off end-to-end encryption for Instagram DMs on 8 May. Without that encryption, anyone who seizes your account can now read your full message history in plain text. The takeover flaw and the encryption change make each other worse.
The deeper problem
Meta launched its AI support assistant in December and promised faster account recovery. The promise was real. So was the danger. The company gave a chatbot authority over account settings, including the power to change the email on an account, and removed the human who used to review those requests. When nothing reliably checks who is asking, a bot built to be helpful becomes the way in.
Critics, including Wong, tie the failure to Meta’s wider shift this year. The company cut about 8,000 jobs in May as it remade itself around AI, and has been pulling back on human content moderation and risk staff. Whether Instagram specifically gutted its trust and safety team, as some online claim, is not confirmed. What is clear is that an automated support flow with real power failed in exactly the way critics had warned.
What this means for Kenya
For Kenyan users the lesson lands harder, for two reasons.
First, reaching a real person at Meta is close to impossible here. There is no local support line. If your account runs your business, and many small Kenyan businesses live entirely on Instagram and WhatsApp, a takeover can mean losing your shopfront with no one to appeal to.
Second, this will not be the last time an AI support agent is the weak point. More companies here, including banks, telcos and startups, are putting AI agents in front of customer accounts. The Instagram case is a preview of what happens when those agents are given real power without real checks.
So do the basic things now, while you still control your account. Turn on two-factor authentication using an authenticator app rather than SMS alone. Check the logged-in devices in your Account Centre and remove any you do not recognise. Keep the email tied to your account locked down with its own strong password and its own 2FA. None of this is glamorous. It is just the part of account security you can actually control, and right now it is the part that works.