Skip to main content
Emerging Threats

Meta AI Exploited to Hijack High-Value Instagram Accounts

"We're at the point where one AI stole it, and another can't fix it, zero humans in the loop anywhere," said the @korn account owner identifying as Kornel.

How attackers exploited Meta's AI-powered support

Multiple Instagram users lost control of rare or high-value accounts after attackers used the platform’s AI-driven support flows to convince Meta’s systems they were legitimate owners. According to published reports, the takeover began by activating Instagram’s "forgot password" process. When Meta’s AI assistant prompted for a selfie verification, attackers supplied an AI-generated video derived from a static photo taken from the target’s account. That animated video reportedly passed the platform’s automated checks, allowing the attacker to change the email address on the account and then request a password reset, ultimately taking full control.

Specific accounts and scale of impact

On Monday multiple holders of rare and high-value accounts reported sudden lockouts. Affected handles named in reporting include an account previously used by the Obama White House team, app researcher Jane Manchun Wong, the one-word accounts @hey and @korn. The @korn account owner told reporters the band never officially claimed the account and is using another one; the owner — who identified as Kornel — described being trapped in an automated support loop while trying to recover access.

Why selfie checks and 2FA were bypassed

Reporting says attackers converted publicly available profile photos into short animated videos via an AI video generator and uploaded those to Meta for the selfie verification step. "Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face," user André said, adding that the takeover method bypassed two-factor authentication protections.

Journalists also reported that some attackers used VPN services to appear to connect from the target’s usual region, a step intended to pass geolocation checks that would otherwise trigger a stricter login flow. After changing the email tied to the account, attackers could complete password resets by receiving the security code sent to the newly associated address.

Support failures: AI loops, broken links, and limited verification

Those who tried to reclaim accounts reported being routed into automated assistance loops with no human intervention available to escalate the case. Kornel said they "spent 6 hours trying to get human support, and Meta's support AI gave me 4 broken links in a row." Another user summarized the experience: "Then you try to recover your account, and you’re talking to a chatbot that has zero ability to help. You can’t escalate to a human. You’re just stuck."

Claims about one-letter usernames and market value

Some online reports suggested the @e and @f one-letter accounts were obtained through an active exploit; others disputed that claim, arguing the usernames were secured by an individual with internal privileges. BleepingComputer said it was not able to independently verify either explanation. The reporting also noted that single-letter social media accounts are very rare and command high prices on the black market, "typically in the tens of thousands of U.S. dollars."

Meta's public reply and outstanding questions for platform operators, technologists, and users

Meta has not issued a formal press release at the time of reporting, though the company’s vice president of communications, Andy Stone, replied on social media to an affected user saying the "issue has been resolved, and we are securing impacted accounts." BleepingComputer contacted Meta for comment and had not received a reply as of publication.

What this means for technologists, affected users, and platform operators

  • Technologists and security teams: The reported attack uses AI-generated media to defeat automated biometric checks and leverage automated support flows. Teams responsible for account recovery and identity verification will want to examine how automated checks differentiate between live captures and synthetic media, and whether additional controls are needed around changing account recovery addresses.
  • Affected users and account owners: Holders of rare or publicly visible accounts — including notable one-word and single-letter handles — should be aware that published profile imagery can be repurposed to try to pass automated verification, and that recovery can be stymied if human escalation is not available.
  • Platform operators (Meta) and regulators: The incident raises questions about the reliance on end-to-end automated verification and support, and whether processes exist for urgent human review when high-value or suspicious account changes occur. Meta’s short social reply that the issue was "resolved" leaves open the specifics of mitigation and whether affected accounts have been fully restored and protected.

Meta’s acknowledgement that it was securing impacted accounts is the clearest public step so far; however, the accounts taken, the method described, and the reported absence of a human escalation path together leave a narrow set of concrete facts and several unresolved technical and procedural questions about how platforms will defend against AI-assisted account theft going forward.

Source: BleepingComputer — Instagram users locked out after Meta AI abused to steal accounts