Hackers have reportedly exploited a vulnerability linked to Meta Platforms’ AI-powered support system to take over high-value and celebrity Instagram accounts. Security researchers say the flaw remained active for months before being fixed, allowing attackers to access premium usernames and resell them on underground markets for large profits.
According to investigators, attackers combined VPN tools with account recovery procedures to bypass basic verification checks. Subsequently, they interacted with Meta’s AI support chatbot and manipulated it into approving changes such as email updates linked to targeted Instagram accounts, enabling unauthorized access.
Read more : Govt setting up AI advisory panel to boost digital transformation
Researchers further explained that hackers used location masking techniques and repeated password reset requests to increase success rates. As a result, the system was tricked into processing account modifications, especially for high-value usernames that hold strong branding and resale value in online markets.
Security experts noted that stolen accounts included rare and short Instagram handles, which are highly valued due to scarcity and commercial demand. In some cases, these usernames were reportedly sold for hundreds of thousands of dollars, highlighting the scale of the underground trading network.
Read more : Instagram empowers users with smarter feed control –
Additionally, experts described the method as a prompt injection attack, where attackers exploit AI systems by feeding carefully designed instructions. Some compromised accounts even posted unauthorized content temporarily before access was restored, raising concerns about system control and response delays.
Meta reportedly patched the vulnerability on May 29 after growing alerts from researchers and cybersecurity analysts. Meanwhile, experts emphasized that multi-factor authentication helped protect many accounts and warned that stronger safeguards, including verification layers and anomaly detection, are essential to prevent future AI-related security breaches.