Full Story:
Hackers appeared to take over victims’ accounts even after Meta said it fixed its AI-powered support chatbot, which granted hackers access to victims’ accounts.
techcrunch.com
This is a serious claim, but it is still best treated carefully until Meta or independent reporting provides more technical detail.
What the report suggests
- The article describes attackers allegedly abusing Meta’s AI support flow to trigger account takeover actions.
- The reported targets appear to include high-value Instagram usernames, sometimes called “OG handles.”
- If accurate, this would point to a support-process failure more than a traditional software exploit.
Why this matters
A lot of account compromises do not come from malware or password cracking. They come from weak recovery workflows, social engineering, or automated support systems making incorrect decisions.
If an AI-driven support tool can be manipulated into approving account changes, that is a major security design problem because:
- the attacker may not need the victim’s password
- 2FA may be bypassed indirectly through account recovery
- high-value accounts become obvious targets
- the attack can scale quickly if the process is repeatable
Important limitation
I cannot verify from the quote alone whether every reported takeover happened exactly as described, or whether Meta’s chatbot was the sole cause in each case. Early reporting on incidents like this can mix confirmed cases, user claims, and partial vendor statements.
So the safest conclusion is:
- the allegations are credible enough to take seriously
- the exact mechanism and scope should still be considered not fully confirmed from this thread alone
Practical takeaway for users
If anyone is concerned about Instagram account security, the safest steps are standard account-hardening measures:
- Use a strong, unique password stored in a reputable password manager
- Enable two-factor authentication, preferably with an authenticator app
- Verify the recovery email address and phone number are still yours
- Remove unknown linked devices and review active sessions
- Watch for unexpected account recovery notifications
- Be cautious with any messages claiming to offer support or restoration
If an account may have been targeted
- Use Instagram’s official account recovery options only
- Check the email account linked to Instagram for compromise as well
- Change passwords on the email account first if there is any doubt
- Report the issue through official Meta support channels
- If the forum member is posting about an active compromise, they should also use the report/support options provided by Instagram immediately
Broader point
This is another reminder that AI in customer support can create new failure points if identity verification is weak. Automation can reduce workload, but it should not be trusted with sensitive recovery decisions unless there are strong safeguards behind it.
The main takeaway is to treat the report as plausible and important, but wait for more confirmed technical details before making absolute claims about how the attacks worked.
