Cybercriminals have exploited Meta's AI-powered support chatbot to hijack high-value Instagram accounts, including coveted short handles like @hey and @jowo. According to the security blog CyberSec Guru, the combined gray market valuation of these stolen accounts is estimated to be over $1 million. Hackers leverage these accounts for clout, resale, or brand impersonation.

The exploit illustrates a classic 'confused deputy' problem in computer security, where an authorized program is tricked into misusing its permissions. In this case, the deputy was Meta's large language model, which can be manipulated with words, unlike a deterministic program that requires code to bypass.

Users who had multi-factor authentication (MFA) enabled were protected. Even the most basic form, one-time codes via SMS, prevented the exploit from working. This incident highlights the risks of deploying AI agents with elevated permissions that can modify or delete critical data.

Meta launched its AI support assistant in March 2026, promising 24/7 support for nearly any issue. Security experts recommend out-of-band verification, rate limiting, action logging, and hard deterministic gates to prevent such attacks in the future.
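
The recommended controls can be combined in a single deterministic gate placed between an LLM agent and any account-modifying tool. The sketch below is an added example, not Meta's code and not from the original article; the class, action names and limits are hypothetical assumptions.

```python
import hmac
import logging
import time
from collections import defaultdict, deque

log = logging.getLogger("agent_gate")
# Hypothetical action names: anything that can change account ownership.
SENSITIVE = {"change_email", "reset_password", "disable_mfa"}
MAX_ATTEMPTS, WINDOW_S = 3, 3600  # constructed limits: 3 sensitive requests per hour

class ActionGate:
    """Deterministic check between the agent's proposed tool call and its execution."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._attempts = defaultdict(deque)  # account -> timestamps of sensitive requests
        self._challenges = {}                # account -> code delivered out of band

    def issue_challenge(self, account, code):
        # The code goes to a contact already on file, never through the chat session.
        self._challenges[account] = code

    def authorize(self, account, action, oob_code=None):
        """Return (allowed, reason). No model output is consulted for this decision."""
        if action not in SENSITIVE:
            return self._record(account, action, True, "non_sensitive")
        now = self._clock()
        q = self._attempts[account]
        while q and now - q[0] > WINDOW_S:   # drop attempts outside the window
            q.popleft()
        if len(q) >= MAX_ATTEMPTS:
            return self._record(account, action, False, "rate_limited")
        q.append(now)
        expected = self._challenges.pop(account, None)  # challenges are single use
        if expected is None or oob_code is None:
            return self._record(account, action, False, "oob_verification_required")
        if not hmac.compare_digest(expected.encode(), oob_code.encode()):
            return self._record(account, action, False, "oob_code_mismatch")
        return self._record(account, action, True, "verified")

    def _record(self, account, action, allowed, reason):
        # Action logging: every decision, allowed or denied, leaves an audit record.
        log.info("account=%s action=%s allowed=%s reason=%s", account, action, allowed, reason)
        return allowed, reason
```

The agent can request an action, but only `authorize` decides whether it runs, so persuasive text in the conversation has no path to the permission check.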