The widespread hacking campaign that relied on simply asking Meta AI\u2019s chatbot to take over a victim\u2019s Instagram account appears to have continued even after the company said the issue had been resolved. Meanwhile, the company has been scrambling to secure the targeted accounts and alert victims.\u00a0<\/p>\n
Over the weekend, hackers claimed to be exploiting Meta\u2019s AI support chatbot<\/a> to take over several high-profile Instagram accounts. At the same time, a large<\/a> number<\/a> of<\/a> people<\/a> complained<\/a> on social media that their Instagram accounts had been hacked, some of them with unique short user profile handles.\u00a0<\/p>\n TechCrunch has seen examples of allegedly hacked handles featuring common forenames or names of countries, which can be then re-sold almost as collectibles in a gray market for so-called \u201cOG handles.\u201d Other victims of the hacking spree appeared to be the dormant Obama White House<\/a> account (which Meta disputed), and the account of the U.S. Space Force\u2019s chief master sergeant John Bentivegna<\/a>.<\/p>\n These attacks were so simple that calling them hacks may be giving the people behind them too much credit, while at the same time not putting enough blame on Meta for not preventing rudimentary attacks from hijacking people\u2019s accounts.<\/p>\n Hackers simply told Meta\u2019s AI chatbot that they were the owners of the target\u2019s account, and asked the bot to link that person\u2019s account to an email they controlled. The chatbot complied with the request, allowing the hacker to reset the target account\u2019s password and take control of the account \u2014 in some cases locking out the victims. At no point were Meta employees or contractors involved in the chat.<\/p>\n On Monday, Meta spokesperson Andy Stone said<\/a> that \u201cthe issue that did happen has already been fixed.\u201d\u00a0<\/p>\n On Tuesday, however, more Instagram<\/a> users<\/a> claimed to have had their accounts hacked.\u00a0<\/p>\n At the same time, TechCrunch has seen discussions among members of a Telegram channel where the hacking technique had been publicized, who claimed to still be able to exploit Meta\u2019s AI chatbot, and they were advertising apparently hacked handles for sale, including at the time of TechCrunch\u2019s writing. (It\u2019s important to note that it\u2019s hard to know for sure if all these accounts were hacked due to the same technique.)\u00a0<\/p>\n \t\t\tDo you have more information about these Instagram hacks? We\u2019d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email<\/a>.<\/a>\t\t<\/div>\n In a later post on X<\/a>, Stone said: \u201cSome people may receive password reset notifications and some may be asked security questions when they try and log into their accounts.\u201d<\/p>\n Stone told TechCrunch in an email that Meta secured affected accounts on Monday, then began sending password reset emails. When asked by TechCrunch, Stone would not say how many users were hacked.<\/p>\n Several people have reported that Meta has begun notifying users that they were being targeted. As 404 Media noted<\/a>, Meta announced<\/a> in March that it was implementing AI to automate its support to users, saying the AI-powered chatbot was \u201cdesigned to resolve account issues from start to finish,\u201d and would have the ability to \u201creset your password securely.\u201d That suggests the chatbot can perform actions that may have previously required a human in the loop, given how critical they were.\u00a0<\/p>\n For years, there has been a flourishing market<\/a> where hackers stole and then sold \u201cOG\u201d usernames, referring to the usernames and handles taken by the earliest users of Instagram. In the past, however, taking over those accounts required more complex strategies, such as phishing the victim, taking over their phone number, or bribing insiders at telecom providers.<\/p>\n Here, the hackers just asked, and Meta\u2019s chatbot dutifully complied.<\/p>\n<\/div>\n When you purchase through links in our articles, we may earn a small commission<\/a>. This doesn\u2019t affect our editorial independence.<\/em><\/p>\nContact Us<\/h4>\n
Victims publicly<\/a> reported receiving emails from Instagram warning them that the company had \u201cdetected some suspicious activity that suggests your Instagram may have been compromised.\u201d The message also said that the company took measures to secure the account, and asked the user to reset their password.<\/p>\n![\"\"](\"https:\/\/techcrunch.com\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-03-at-10.26.14-AM.png?w=680\")