One AI stole it and another can't fix it, zero humans in the loop
In the architecture of digital trust, a single flaw can become a door left open to anyone who knows how to knock. Last week, Instagram's AI support chatbot was manipulated into surrendering account access to strangers — no human oversight, no verification, only a spoofed location and a simple request. Meta has since closed the gap, but the episode illuminates a deeper reckoning: when automation is granted the authority to hold the keys, the question of who truly owns an account becomes dangerously negotiable.
- Hackers found they could impersonate any Instagram user by masking their location with a VPN and asking the AI chatbot to link a new email — the bot complied without a single human review.
- High-profile accounts fell: Barack Obama's verified presidential Instagram was seized and used to post pro-Iran content, while a former Meta security engineer discovered her own password had been changed without her knowledge.
- The full scale of the breach remains hidden — Meta has not said how many users were affected, has not confirmed whether victims are being notified, and did not answer questions about whether human support staff are still available.
- Security experts warn the incident is a symptom of a systemic failure: AI customer service tools given excessive authority and minimal verification create an attack surface that grows with every automation decision made in the name of efficiency.
Last week, Instagram's AI support chatbot became an unwitting accomplice. Hackers discovered that by spoofing their location through a VPN to match a target account's registered region, they could ask Meta's AI assistant to link a new email address to someone else's account. The chatbot sent a verification code to the attacker's inbox. An automated password reset link followed. No human ever reviewed the request. The account was gone.
The method was documented publicly by cybersecurity researcher Dark Web Informer, who noted with grim precision that no humans existed anywhere in the chain — neither to carry out the attack nor to catch it. The vulnerability coincided with a wave of notable compromises. Barack Obama's verified Instagram account was taken over and used to publish pro-Iran content before being recovered. Security researcher Jane Manchun Wong — a former Meta security engineer — discovered her own password had been changed without her authorization and flagged multiple unauthorized reset attempts on her account.
Meta has since patched the flaw, but has disclosed neither the number of affected accounts nor whether users are being notified. The company also declined to answer whether human support staff remain available for compromised account cases — a silence that carries its own weight, given a separate report that Meta almost never responds when a European Union dispute body raises cases of wrongful account bans.
The incident crystallizes a tension that runs through the entire technology industry. NordVPN's chief technology officer put it directly: AI systems given too much authority and too little verification become liabilities the moment someone decides to test their limits. Instagram built its chatbot to help people get back into their accounts. In doing so, it handed the same capability to anyone willing to ask.
In the span of a few days last week, Instagram's artificial intelligence support tool became a skeleton key. Hackers discovered they could trick the chatbot into handing over access to accounts that weren't theirs—by spoofing their location, requesting a password reset, and letting the bot do the rest. Instagram has since patched the vulnerability, but the damage was already done, and the incident has exposed something uncomfortable about how the company now handles account security.
The exploit worked like this: A hacker would search for a target account through Instagram's account recovery system. Using a virtual private network to mask their location as the real owner's, they would message Meta's AI support assistant with a simple request—link a new email address to the account and send a verification code. The chatbot complied. It sent the code to the attacker's email. Once verified, an automated message arrived with a password reset link. No human ever looked at the request. No one asked questions. The account changed hands.
Screenshots and videos posted to social media showed the process step by step. Cybersecurity researcher Dark Web Informer documented the hack on X, adding a blunt observation: "We're at the point where one AI stole it and another can't fix it, zero humans in the loop anywhere." The vulnerability coincided with a wave of high-profile account takeovers. Barack Obama's verified Instagram account—the one maintained during his presidency—was compromised and used to post content favorable to Iran before it was recovered. Jane Manchun Wong, a security researcher who previously worked at Meta as a security engineer, reported that her Instagram password had been changed without her knowledge and that she had seen multiple unauthorized password reset attempts on her account. "Quite concerning," she wrote.
The full scope of the breach remains unknown. Meta has not disclosed how many accounts were affected or whether the company is notifying users whose accounts were targeted. What is clear is that the vulnerability exposed a fundamental tension in how tech companies now operate: the drive to automate customer service has collided with the need to protect the most sensitive part of any platform—the keys to people's accounts.
Marijus Briedis, chief technology officer at NordVPN, framed the problem plainly. As companies across every sector increasingly replace human customer service with AI chatbots, he said, the risk compounds when those bots are given "too much authority and too little verification." Account recovery, he argued, should never prioritize convenience over security, because the person asking for access may not be the rightful owner. The irony is sharp: Meta built an AI system to help people regain access to their accounts, and that same system became a tool for stealing them.
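The point Briedis makes, and the failure described above, can be shown as a pair of toy recovery-policy functions. This is an added illustration, not code from Meta or from any researcher cited here; the account, contact values and function names are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

@dataclass
class Account:
    user_id: str
    home_region: str                              # region the account was registered from
    verified_emails: Set[str] = field(default_factory=set)
    verified_phones: Set[str] = field(default_factory=set)

@dataclass
class RecoveryRequest:
    user_id: str
    client_region: str              # geolocation of the requester's IP; trivially changed with a VPN
    new_email: str                  # address the requester asks to have linked to the account
    proved_contact: Optional[str]   # contact already on the account whose OTP the requester answered

Decision = Tuple[str, Optional[str]]

def weak_decision(acct: Account, req: RecoveryRequest) -> Decision:
    """Mirrors the reported failure mode: a matching region is treated as proof of
    ownership, and the verification code is sent to the requester-supplied address."""
    if req.client_region == acct.home_region:
        return ("send_code", req.new_email)      # code lands in the requester's own inbox
    return ("deny", None)

def hardened_decision(acct: Account, req: RecoveryRequest) -> Decision:
    """Location is context, not a credential. Linking a new email requires proof of
    control of a contact already bound to the account; anything else goes to a
    human reviewer rather than being auto-approved by the bot."""
    known = acct.verified_emails | acct.verified_phones
    if req.proved_contact is not None and req.proved_contact in known:
        return ("send_code", req.new_email)      # only now is it safe to verify the new address
    return ("escalate_to_human", None)

def run_demo() -> Tuple[Decision, Decision, Decision]:
    # Constructed sample data: a real owner and a requester who matched the region via VPN.
    acct = Account("u123", "US", {"owner@example.test"}, {"+15550001111"})
    spoofed = RecoveryRequest("u123", "US", "attacker@example.test", proved_contact=None)
    legit = RecoveryRequest("u123", "DE", "new@example.test", proved_contact="owner@example.test")
    return (weak_decision(acct, spoofed),
            hardened_decision(acct, spoofed),
            hardened_decision(acct, legit))

if __name__ == "__main__":
    print(run_demo())
```

The legitimate owner travelling abroad is still served under the hardened policy, while the region-matched request without proof of control is never granted by the bot alone.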
The BBC asked Meta whether human support workers remain available to help users whose accounts have been compromised. The company did not respond to that question. Separately, an independent body that hears disputes from social media users in the European Union reported last week that Meta virtually never replies when it raises cases of people who say they have been wrongly banned from their accounts. The pattern suggests a company increasingly reliant on automation, with fewer humans available to intervene when things go wrong.
Notable Quotes
"Quite concerning" — Jane Manchun Wong, security researcher and former Meta employee, on having her password changed without her knowledge
"Account recovery should never rely on convenience alone, because the person asking for access may not be the rightful owner" — Marijus Briedis, chief technology officer at NordVPN
The Hearth Conversation: Another angle on the story
Why does this matter beyond the people whose accounts were stolen? It seems like a straightforward security failure.
Because it reveals how Meta has structured its entire relationship with users. They've automated account recovery to the point where no human ever touches the decision. That's efficient until it isn't—and then there's no one to call.
But couldn't they just add a verification step? A text message, a security question?
They could. But that costs money and slows down the process. The chatbot was designed to be frictionless. The problem is that frictionless access is exactly what a hacker wants.
Is this a Meta problem or an AI problem?
It's both. The AI did what it was programmed to do—help people regain access. But Meta programmed it with too much trust and no oversight. That's a choice, not an inevitability.
What happens to the people whose accounts were hijacked?
They get their accounts back, probably. But Meta hasn't said whether they're notifying victims or investigating how the accounts were used. For someone like Jane Manchun Wong, a security researcher, the irony is especially bitter.
What comes next?
Meta will likely add human verification to account recovery. But the deeper question—whether AI should handle sensitive account access at all—that's still unresolved.