Last December, Meta announced a new AI support assistant that it said would make the account recovery process “quicker and easier” for people who had been locked out of their Facebook or Instagram pages. Now it seems like Meta may have over-delivered on that promise.
This same Meta AI Support Assistant has apparently been used by hackers to hijack a number of Instagram accounts. According to security researchers, the AI tool made it ridiculously easy for hackers to take over accounts, even though they were protected by two-factor authentication.
The exploit was reported over the weekend by numerous security researchers on The images and videos suggest that hackers could simply ask the AI support chatbot to change the email associated with the desired account and then request a password reset.
Meta has now fixed the issue, although it’s unclear how many accounts were affected by the exploit before it was patched. According to 404 MediaTelegram users have been discussing the vulnerability since March. When reached for comment, Meta directed Woozad to a post about X from vice president of communications Andy Stone. “This issue has been resolved and we are securing the affected accounts,” Stone said in a response to a post about the account takeovers.
This issue has been resolved and we are securing the affected accounts.
— Andy Stone (@andymstone) June 1, 2026
Although Meta did not provide additional information on why its AI support tool would have such a security vulnerability, it appears that hackers discovered that the Meta chatbot relied on the physical location of account holders to activate support. The exploit, now fixed, required hackers to use a VPN to show that their location matched that of the person whose account they were targeting, according to Neowin. “Our systems recognize the device you usually use and familiar locations better than ever,” Meta wrote in its December blog post about the AI support tool.
While we don’t officially know how many accounts were hacked with the AI tool, the timing appears to coincide with a wave of high-profile account hacks, including an Obama White House account. The account, which had not been posted since 2017, posted an AI-generated image that translates to “the White House is under Shiite control,” according to TMZ. Meta confirmed the hack at the outlet but did not provide details on how it was carried out or who might have been behind it. Other accounts that may have been involved in the exploit include beauty retailer Sephora and a senior Space Force official, according to 404 Media.
