Instagram Accounts Hijacked by Tricking Meta AI Support Into Verifying Attackers as Owners
Attackers are utilizing generative AI to bypass identity verification systems on Instagram, allowing them to hijack high-value accounts by tricking Meta’s AI-powered support tools. These exploits specifically target the platform’s automated recovery process, which relies on AI-driven facial verification to confirm account ownership.
The vulnerability stems from the system’s inability to distinguish between a live person and an AI-generated video. By using public photos of a target, attackers can create realistic animations that satisfy the security checks required to reset account access, effectively neutralizing standard security measures including two-factor authentication.
Reports of these attacks emerged on June 2, 2026, highlighting a systemic failure where AI is used both to execute the breach and to block the victim’s attempts at recovery.
The Mechanics of the AI Verification Bypass
According to reporting from BleepingComputer, the takeover process is straightforward and does not require access to the user’s physical device. The attack begins when the perpetrator activates the “forgot password” feature, claiming the account has been compromised.

When Instagram’s AI assistant requests a video selfie for identity verification, the attacker does not provide a live recording. Instead, they harvest a clear photo of the target from their public profile and process it through an AI video generator to create a synthetic animation of the person’s face.
Meta’s verification AI accepts these generated videos as valid proof of identity. Once the AI confirms the identity, the attacker is granted the ability to change the email address associated with the account. With a new email in place, the attacker initiates a password reset and receives the necessary security code to seize full control.
The attack also incorporates geolocation spoofing. Attackers reportedly use Virtual Private Networks (VPNs) to make their connection appear as though it is originating from the target’s usual geographic region, which prevents the system from triggering additional security alerts that typically accompany logins from unknown locations.
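From the defender's side, the sequence described above can be expressed as a correlation rule over account events. This is an added example, not code from Meta or BleepingComputer; the event names, fields and the device-identifier signal are hypothetical, and the rule deliberately ignores region because the reported VPN use makes it unreliable.

```python
from datetime import datetime, timedelta

CHAIN = ["recovery_started", "selfie_verified", "email_changed", "password_reset"]  # hypothetical names

def ev(ts, account, kind, device, region):
    return {"ts": datetime.fromisoformat(ts), "account": account,
            "type": kind, "device": device, "region": region}

# Constructed sample log. "region" is carried but never used by the rule:
# the article reports attackers use VPNs to match the target's usual region.
EVENTS = [
    ev("2026-06-02T10:00:00", "rare_handle", "recovery_started", "dev-unknown", "US"),
    ev("2026-06-02T10:03:00", "rare_handle", "selfie_verified", "dev-unknown", "US"),
    ev("2026-06-02T10:04:00", "rare_handle", "email_changed", "dev-unknown", "US"),
    ev("2026-06-02T10:06:00", "rare_handle", "password_reset", "dev-unknown", "US"),
    # Owner recovering from an established device: not flagged.
    ev("2026-06-02T11:00:00", "owner_b", "recovery_started", "dev-b-phone", "DE"),
    ev("2026-06-02T11:02:00", "owner_b", "selfie_verified", "dev-b-phone", "DE"),
    ev("2026-06-02T11:03:00", "owner_b", "email_changed", "dev-b-phone", "DE"),
    ev("2026-06-02T11:05:00", "owner_b", "password_reset", "dev-b-phone", "DE"),
    # Unknown device, but the chain stops after verification: not flagged.
    ev("2026-06-02T12:00:00", "owner_c", "recovery_started", "dev-new", "FR"),
    ev("2026-06-02T12:01:00", "owner_c", "selfie_verified", "dev-new", "FR"),
]
KNOWN_DEVICES = {"rare_handle": {"dev-a-phone"}, "owner_b": {"dev-b-phone"},
                 "owner_c": {"dev-c-phone"}}

def find_recovery_takeovers(events, known_devices, window=timedelta(minutes=30)):
    """Flag accounts where one never-seen device completes the full chain, in order, within `window`."""
    alerts, progress = [], {}
    for e in sorted(events, key=lambda x: x["ts"]):
        acct = e["account"]
        if e["device"] in known_devices.get(acct, set()):
            continue  # activity from an established device is out of scope
        if e["type"] == CHAIN[0]:  # a new recovery attempt restarts tracking
            progress[acct] = {"next": 1, "start": e["ts"], "device": e["device"]}
            continue
        state = progress.get(acct)
        if state is None or e["device"] != state["device"]:
            continue
        in_window = e["ts"] - state["start"] <= window
        if in_window and e["type"] == CHAIN[state["next"]]:
            state["next"] += 1
            if state["next"] == len(CHAIN):
                alerts.append({"account": acct, "device": state["device"],
                               "minutes": (e["ts"] - state["start"]).seconds // 60})
                del progress[acct]
    return alerts

print(find_recovery_takeovers(EVENTS, KNOWN_DEVICES))
```

A platform applying such a rule could hold the email change for review instead of only alerting; that response is likewise an assumption here, not something the reporting attributes to Meta.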
High-Value Targets and the Username Black Market
The attackers have specifically targeted rare and high-value accounts, which hold significant monetary value on the black market. These include accounts with single-letter usernames or those previously associated with high-profile entities.

Affected accounts reportedly include one previously used by the Obama White House team, the account of app researcher Jane Manchun Wong, and rare handles such as @hey and @korn. Some reports suggest that single-letter accounts, such as @e and @f, may have been obtained through similar exploits or internal access, though BleepingComputer noted it could not independently verify those specific claims.
Rare usernames are highly coveted by collectors and speculators, with some handles fetching tens of thousands of dollars in illicit trades. This financial incentive drives the development of more sophisticated methods to bypass platform security.
The AI Support Paradox
A critical component of this crisis is the lack of human intervention in Meta’s recovery process. Users who have lost their accounts report being trapped in automated loops with AI chatbots that are unable to resolve the issue or escalate the ticket to a human agent.
The owner of the @korn account described spending six hours attempting to contact support, only to be provided with four broken links by the support AI.
“We’re at the point where one AI stole it, and another can’t fix it, with no humans involved.”
Owner of the @korn account
Another affected user, André, noted that the chatbot lacks the capacity to assist in complex recovery scenarios, leaving users stuck in a cycle of automated responses without a path to manual verification.
Meta’s Response and Risk Mitigation
Meta has not issued a formal corporate statement regarding the vulnerability. However, Andy Stone, the company’s vice president of communications, responded to a user on social media stating that the specific incidents had been resolved and that the company is working to secure the affected accounts.

Because the vulnerability exists within Meta’s own verification infrastructure rather than on the user’s device, there is no software patch for users to install. However, security experts suggest several steps to reduce the risk of being targeted:
- Limit the number of high-resolution, public-facing profile photos that clearly show the face, as these serve as the source material for AI-generated verification videos.
- Ensure account recovery contact details, including phone numbers and emails, are current and protected by strong, unique passwords.
- Maintain documentation of account ownership, such as original signup emails and account creation dates, to provide as evidence if manual recovery becomes possible.
- Enable two-factor authentication to protect against common credential-based attacks, even though this specific AI exploit reportedly bypasses it.
- Monitor account notifications closely for any unexpected alerts regarding password resets or email changes.
The incidents highlight a growing security gap in the industry: as companies replace human support with AI to reduce costs, they create single points of failure where an AI-driven attack can be shielded from human oversight by an AI-driven support system.
