Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts

Multiple Instagram accounts — including high-profile and high-follower profiles — were hijacked after attackers exploited a logic flaw in Meta’s AI support assistant that allowed attackers to add their own email, receive verification codes, and change account passwords without notifying account owners. Attackers used VPNs to evade location checks and submitted AI-generated selfie videos to pass identity checks, bypassing two-factor authentication; Meta says it has patched the issue and is securing affected accounts.