Hackers reportedly abused Meta’s AI support bot to take over Instagram accounts through a bizarre account-recovery loophole

KrebsOnSecurity reports that attackers used Meta’s AI support bot to seize Instagram accounts, turning an automated help workflow into an account-takeover path. The incident highlights how customer-support automation can become a security liability when identity checks and recovery steps are weak.

As platforms push more support interactions to AI, attackers are probing these systems for social-engineering and workflow flaws. The case shows that account recovery remains one of the highest-risk areas for consumer platforms, especially when automation replaces human judgment without stronger safeguards.