TLDR
Meta's AI powered support chatbot was tricked by attackers into changing the email addresses on Instagram accounts, effectively handing over account control. The bot failed to verify the true owner's identity, allowing hackers to initiate...
How it works
Meta's AI powered support chatbot was tricked by attackers into changing the email addresses on Instagram accounts, effectively handing over account control. The bot failed to verify the true owner's identity, allowing hackers to initiate...
Red flags
- Support chatbot performs credential changes (email, password) without robust identity verification Attackers match your geographic region via VPN to bypass location based security checks Video verification (when triggered) can be bypassed using deepfakes built from your own Instagram photos
What to do
- 1Enable two factor authentication (2FA) on Instagram right now
- 2prefer an authenticator app over SMS Limit public visibility of your home city, location tags, and personal details in your profile Watch your account email for unexpected change notifications and act immediately if one appears
Source
malwarebytes
Source reviewed by Mythos Forensic Team
https://www.malwarebytes.com/blog/ai/2026/06/metas-ai-support-bot-happily-handed-instagram-accounts-to-hackersFAQ
Is Meta AI Support Bot Handed Instagram Accounts to Hackers How to Protect Your Account a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Support chatbot performs credential changes (email, password) without robust identity verification Attackers match your geographic region via VPN to bypass location based security checks Video verification (when triggered) can be bypassed using deepfakes built from your own Instagram photos
What should I do first?
Enable two factor authentication (2FA) on Instagram right now; prefer an authenticator app over SMS Limit public visibility of your home city, location tags, and personal details in your profile Watch your account email for unexpected change notifications and act immediately if one appears
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.