Instagram accounts hijacked by tricking Meta AI support into verifying attackers as owners


Several Instagram users had their accounts hijacked after attackers tricked Meta’s AI-powered support tools into treating them as the rightful owners.

Many of those affected have been unable to regain access because Meta’s automated support loops through AI chatbots with no way to escalate to a human agent.

Reports of the attacks began on Monday; they targeted rare and high-value accounts. The affected accounts reportedly included one previously used by the Obama White House team, one belonging to app researcher Jane Manchun Wong, and the @hey and @korn accounts.

Some users said their identities had been verified through facial scans and that they had two-factor authentication enabled, but they still lost access.

How attackers tricked Meta’s AI support into handing over Instagram accounts

Several reports indicate that the takeover process was simple:

  1. The attacker starts the “Forgot Password” flow, claiming that the account was hacked.
  2. When Instagram’s AI assistant requests a selfie for verification, the attacker takes a photo of the target from the target’s own public account.
  3. The photo is run through an AI video generator to produce an animated clip of the face.
  4. The animated clip is uploaded in place of a live selfie and accepted as valid identity verification. Once verified, the attacker changes the email address associated with the account.
  5. With the email changed, the attacker requests a password reset; the security code is delivered to the new address, giving them full control of the account.

User André mentioned that “Meta’s AI just accepts it because it can’t distinguish between a real selfie and an AI-generated video of someone’s face,” adding that this method bypasses two-factor authentication.
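The flow above, as an added example that is not code from the article or from Meta: a small Python model of the recovery policy as reported, beside a hypothetical hardened policy, to show that the pivot is the recovery-email change and that a face check standing in for the enrolled second factor makes 2FA irrelevant. The account fields, policy names, request fields and email addresses are all constructed for the example.

```python
"""Toy model of the Instagram recovery flow described in the article.

Added example, not Meta's code and not from the original article. It
compares two hypothetical recovery policies: the reported one, where a
passing face check alone authorises a recovery-email change, and a
hardened one, where the face check never replaces an enrolled second
factor and a contact change needs approval from the existing address.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Account:                      # constructed shape, not Meta's data model
    username: str
    recovery_email: str
    totp_enabled: bool


@dataclass
class RecoveryRequest:              # constructed shape
    face_evidence: str              # "live_selfie" or "animated_public_photo"
    new_recovery_email: str
    has_totp_code: bool             # requester holds the enrolled 2FA factor
    confirmed_from_old_email: bool  # existing address approved the change


def face_check_passes(evidence: str) -> bool:
    """Models the weakness the article reports: the automated checker cannot
    tell a live selfie from an animation generated from a public photo, so
    both are accepted. A liveness check that rejected replayed or synthetic
    media would return False for the second case."""
    return evidence in ("live_selfie", "animated_public_photo")


def weak_policy(acct: Account, req: RecoveryRequest) -> Optional[str]:
    """Policy A (the flow as reported): a passing face check alone authorises
    a recovery-email change, and the reset code is sent to the new address.
    Returns the address that receives the reset code, or None if denied.
    The enrolled second factor is never consulted."""
    if not face_check_passes(req.face_evidence):
        return None
    acct.recovery_email = req.new_recovery_email   # step 4 in the article
    return acct.recovery_email                     # step 5: code goes here


def hardened_policy(acct: Account, req: RecoveryRequest) -> Optional[str]:
    """Policy B (hypothetical): the face check may start recovery but never
    substitutes for an enrolled second factor, and a contact change must be
    approved from the existing address before any code is sent to the new one."""
    if not face_check_passes(req.face_evidence):
        return None
    if acct.totp_enabled and not req.has_totp_code:
        return None   # possession of the enrolled factor is still required
    if (req.new_recovery_email != acct.recovery_email
            and not req.confirmed_from_old_email):
        return None   # the current owner must approve the contact change
    acct.recovery_email = req.new_recovery_email
    return acct.recovery_email


Policy = Callable[[Account, RecoveryRequest], Optional[str]]


def attacker_takeover(policy: Policy) -> bool:
    """Replays the reported attack against a policy: animation built from a
    public photo, no 2FA code, attacker-controlled email, no approval from the
    real owner. True if the reset code would reach the attacker."""
    victim = Account("target", "owner@example.com", totp_enabled=True)  # constructed
    req = RecoveryRequest(
        face_evidence="animated_public_photo",
        new_recovery_email="attacker@example.net",   # constructed
        has_totp_code=False,
        confirmed_from_old_email=False,
    )
    return policy(victim, req) == "attacker@example.net"


def legitimate_recovery(policy: Policy) -> bool:
    """The real owner, holding their 2FA device and keeping their email."""
    acct = Account("target", "owner@example.com", totp_enabled=True)  # constructed
    req = RecoveryRequest("live_selfie", "owner@example.com", True, True)
    return policy(acct, req) == "owner@example.com"


if __name__ == "__main__":
    for name, policy in (("weak", weak_policy), ("hardened", hardened_policy)):
        print(f"{name:8s} takeover={attacker_takeover(policy)} "
              f"owner_ok={legitimate_recovery(policy)}")
```

The hardened policy deliberately fails when an owner has lost their second factor or can no longer read the old address. That availability cost is the reason a recovery design needs a slow path (a waiting period, or a human reviewer) rather than a fast biometric override; it is also the point where the human escalation path the affected users say was missing would belong.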

Some reports also indicate that attackers used VPN services to make it appear that they were connecting from the target’s usual region, passing geolocation checks that would normally trigger a more secure login process.

A common complaint is difficulty communicating with a human support agent during recovery. Account owner @korn said he spent six hours trying to contact support and received four broken links from Meta Support AI.

“We’re at the point where one AI stole it and another can’t fix it, with no humans involved,” the account owner said. André shared a similar experience: “You’re talking to a chatbot that has no ability to help. You can’t escalate to a human. You’re just stuck.”

Why rare Instagram accounts are targeted and how Meta has responded

Rare accounts, including single-letter usernames, fetch high prices on the black market, often tens of thousands of dollars. Some reports say the single-letter @e and @f accounts were obtained through an active exploit, while others suggest those usernames were taken by someone with insider access. BleepingComputer noted that it was unable to independently verify any of these claims.

Meta has not issued an official statement. The company’s vice president of communications, Andy Stone, replied to a user on social media saying that the issue has been resolved and that the affected accounts are being secured.

BleepingComputer contacted Meta for comment but had not received a response at the time of publication.

What Instagram users can do to reduce their risk

The attack exploits Meta’s verification and recovery systems rather than a vulnerability on the user’s device, which limits what individuals can do to prevent it entirely. Users can still take steps to reduce their risk and improve their chances of recovery:

  • Limit the number of public profile photos that clearly show your face, as attackers use these images to create verification videos.
  • Keep your account recovery contact details, such as email and phone number, up to date and protected with strong, unique passwords.
  • Enable two-factor authentication, although it’s worth noting that this attack reportedly bypassed it. Still, two-factor authentication provides additional security against more common credential-based attacks.
  • Document proof of account ownership, such as your original registration email and creation date, in case manual recovery is necessary.
  • Be on the lookout for unexpected notifications about password resets or email changes and act quickly if you see anything unusual.

The core weakness is Meta’s AI-driven verification step, which accepts AI-generated facial videos in place of a live selfie. Until Meta fixes that step, users with high-value accounts remain at elevated risk.

Meta has said that the specific incidents have been resolved, but has not provided details on the changes made to prevent similar AI verification bypasses from occurring again.
