Hackers trick Meta AI into stealing Instagram accounts

Instagram users scramble to recover hundreds of rare and highly valuable accounts after hackers on Sunday found a way to exploit Meta’s AI-powered account recovery systems and hijack accounts in real time.
- Hackers exploited Meta’s AI-powered Instagram recovery systems during a spree targeting rare and valuable Instagram accounts.
- Users reported verified and locked-down accounts being hijacked after attackers used AI-generated selfie videos and password recovery tools.
- The takeover wave hit high-profile accounts and left victims struggling to recover access through Meta’s automated support systems.
Rare Instagram handles vanish in real time
Users reported losing “OG” handles – rare usernames often worth hundreds of thousands of dollars on underground markets – including some accounts that owners say were locked down with two-factor authentication and additional protections.
“I own a few rare handles myself, and honestly, this was the first time in years I’ve watched a social media exploit unfold in real time and actually felt stressed watching it happen,” André Berquó, AI investor and writer, posted on X.
“What made the situation especially alarming was not just the scale – but how absurdly simple the alleged attack chain appeared to be,” Berquó said.
The attackers – allegedly linked to pro-Iranian hacktivists – immediately put the stolen accounts up for sale on Telegram as users tried in vain to recover them via Meta’s chatbot, which had "zero ability to help."
Compromised accounts have reportedly been tied to high-profile organizations and public figures, including US Space Force Chief Master Sgt. John F. Bentivegna and the Obama White House-era Instagram account, although the Obama account has been silent since 2017.
"Thank you for the messages about my Instagram account. We are working with the appropriate teams to regain access and resolve the issue as quickly as possible," Bentivegna said, acknowledging the Instagram account takeover on his Facebook page.
The attackers even managed to hijack the account of security researcher Jane Manchun Wong, who also posted about the Instagram hack on X.
“The password got changed without my knowledge, and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app. Quite concerning,” Wong wrote.
AI-generated selfies fool Meta systems
The hackers were said to have exploited a prompt-injection flaw in Meta’s AI, taking advantage of Instagram’s automated “account hacked” and password recovery systems.
This allowed the bad actors to manipulate Meta’s two-factor authentication system using publicly available location information and selfies pulled directly from account holders' profiles.
“The whole process reportedly took minutes,” according to The CyberSec Guru, which published a blog post describing the ordeal Monday.
“Recovering a locked account – especially a high-value one – can take weeks of back-and-forth with an automated ticketing system. Meta’s solution was to deploy a conversational AI layer to handle common recovery workflows: relinking a lost email address, triggering a password reset, verifying account ownership,” The CyberSec Guru said.
To convince the platform of legitimate account ownership, the hackers began the process using a VPN configured to match the target victim’s geographic region – simply taking the location information from the victim’s own profile.
The attackers also used AI-generated selfie videos created from public Instagram photos to pass Meta’s identity verification checks.
According to reports, the scraped profile pictures were fed into AI video-generation tools, creating animated facial clips that were then submitted to Meta’s automated verification systems as proof of identity.
Once verified, the hackers changed the email address associated with the account so the password reset link was redirected to the attacker-controlled email account, effectively giving them ownership of the account.
Victims locked out by chatbot recovery system
Although Meta later acknowledged the issue and said the exploit had been patched, for many users, the most frustrating part came after the compromise.
“We fixed an issue that allowed an external party to request password reset emails for some Instagram users. There was no breach of our systems and people’s Instagram accounts remain secure,” Meta said in a statement after releasing the hotfix on Monday.
However, many victims attempting to recover their accounts described being trapped in Meta’s automated chatbot system, with little or no apparent path to a human support representative.
Berquó described it as “one AI system fooling another AI, while there’s literally no person to stop it.”
“You can’t escalate to a human. You’re just stuck. Your asset is gone, and there’s no one to call. The whole thing just highlighted how stupid it is to automate account security without any human in the loop,” Berquó said.
The CyberSec Guru described it as a “confused deputy” attack, one in which a hacker tricks a trusted system into performing an action on their behalf.
The system itself isn’t hacked directly. Instead, the attacker convinces the system to misuse its own special access or permissions. In this case, Meta’s AI recovery system is the “trusted helper” with permission to reset passwords and recover accounts.
“The difference from historical examples is that the ‘deputy’ here is an LLM, which makes it substantially easier to manipulate than a traditional application,” The CyberSec Guru said.
The attack surface isn’t a parser or a memory address, as it is in an SQL injection or buffer overflow attack, the blog explained.
“It’s the model’s own language understanding. And that surface is enormous.”
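The defensive counterpart to a confused-deputy LLM is to treat the model’s output as a request rather than an authorization, and to derive authority only from evidence an attacker cannot manufacture from a public profile (a VPN in the right region, an AI-generated selfie). The block below is an added illustration written for this article, not Meta’s code and not from The CyberSec Guru post; the Account and RecoveryRequest types, the HMAC-bound proof of control over the existing recovery channel, and the high-value tiering rule are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed server-side secret; a real deployment would keep this in a KMS/HSM.
SERVER_KEY = secrets.token_bytes(32)


@dataclass
class Account:
    username: str
    value_tier: str  # "standard" or "high" (e.g. a verified or rare "OG" handle)


@dataclass
class RecoveryRequest:
    """What the assistant proposes, plus whatever evidence is attached."""
    account: Account
    proposed_action: str                     # parsed from the LLM's reply, e.g. "change_email"
    new_email: str
    nonce: str
    llm_claims: dict = field(default_factory=dict)      # e.g. {"selfie_match": True, "geo_match": True}
    old_channel_proof: Optional[bytes] = None           # minted only when the EXISTING channel confirmed this change


def mint_old_channel_proof(username: str, nonce: str, new_email: str) -> bytes:
    """Issued by the server only after the account's existing recovery email or
    authenticator app confirms this exact (username, nonce, new_email) change."""
    msg = f"{username}|{nonce}|{new_email}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def authorize(req: RecoveryRequest) -> Tuple[str, str]:
    """Return ("approve" | "deny" | "review", reason). The model's text is only a
    request; authority comes from verifiable evidence, never from its claims."""
    if req.proposed_action != "change_email":
        return "deny", "unsupported action"
    # Selfie and location "matches" can be produced from public profile data,
    # so req.llm_claims is deliberately given no weight in this decision.
    if req.old_channel_proof is None:
        return "deny", "no confirmation from existing recovery channel"
    expected = mint_old_channel_proof(req.account.username, req.nonce, req.new_email)
    if not hmac.compare_digest(expected, req.old_channel_proof):
        return "deny", "proof does not match this exact change"
    if req.account.value_tier == "high":
        return "review", "contact change on a high-value account needs a human"
    return "approve", "existing channel confirmed the change"
```

Because the proof is bound to the new email address, a confirmation obtained for one change cannot be replayed to redirect the reset link elsewhere.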
To avoid becoming a victim of an account takeover, The CyberSec Guru recommends all users:
- Move off SMS-based 2FA and use an authenticator app or a hardware key.
- Use an unlisted email for your Instagram account.
- Generate a fresh set of backup recovery codes and store them offline.
- Check active sessions periodically. Anything you don’t recognize, terminate it.
- If you receive an unexpected password reset email from Instagram, open the app directly and verify the linked contact information is yours.