HeadlinesBriefing.com

Meta AI Chatbot Exploit Lets Hackers Hijack Million-Dollar Instagram Accounts

Ars Technica

Hackers found a way to trick Meta's AI support chatbot into helping them hijack high-value Instagram accounts, including @hey and @jowo. Security researchers confirmed the attacks netted accounts worth over $1 million on the gray market. The stolen handles were attractive targets for their short names and potential uses in impersonation schemes.

The exploit worked by manipulating the language model's probabilistic responses rather than breaking traditional code-based security. This represents a classic "confused deputy" vulnerability, where an AI with elevated permissions was duped into acting on behalf of attackers. Unlike deterministic programs, LLMs can be nudged with carefully crafted prompts to bypass normal safeguards.

Accounts with multifactor authentication remained protected even against this novel attack. Researchers found that even Instagram's least robust MFA option—SMS one-time codes—successfully blocked the exploit. This suggests basic security hygiene still works against emerging AI-powered threats.

The incident reveals risks as companies rush to deploy AI agents with broad permissions. Meta launched its AI support assistant in March 2026 promising 24/7 help for any support issue. Security experts say safer implementations need verification steps, rate limiting, and logging to catch anomalous AI-driven changes.
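The three safeguards named above (verification, rate limiting, logging) can be enforced in a deterministic gate that sits between the model and the account-changing tools, so the decision never depends on what the model was persuaded to say. The sketch below is an added example, not Meta's code; the tool names, limits and `Session`/`Gate` classes are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

# Hypothetical tool names and limits, chosen for illustration only.
SENSITIVE_TOOLS = {"change_email", "reset_password"}
MAX_SENSITIVE_PER_HOUR = 3
VERIFICATION_TTL = 600  # seconds a step-up verification stays fresh

@dataclass
class Session:
    user_id: str  # identity proven at login, never taken from chat text
    verified_at: float = float("-inf")  # last out-of-band verification

@dataclass
class Gate:
    audit: list = field(default_factory=list)   # append-only decision log
    recent: dict = field(default_factory=dict)  # user_id -> attempt times

    def authorize(self, session, tool, target, now=None):
        """Decide on a tool call the model proposed; log every decision."""
        now = time.time() if now is None else now
        decision = self._decide(session, tool, target, now)
        self.audit.append({"ts": now, "actor": session.user_id,
                           "tool": tool, "target": target,
                           "decision": decision})
        return decision

    def _decide(self, session, tool, target, now):
        if tool not in SENSITIVE_TOOLS:
            return "allow"
        # Confused-deputy check: the agent's own privileges do not count.
        # The target must be the account the session authenticated as.
        if target != session.user_id:
            return "deny:not_owner"
        # Rate limit: count sensitive attempts in the last hour.
        calls = [t for t in self.recent.get(session.user_id, [])
                 if now - t < 3600]
        self.recent[session.user_id] = calls + [now]
        if len(calls) >= MAX_SENSITIVE_PER_HOUR:
            return "deny:rate_limited"
        # Step-up verification must be recent and is set out of band.
        if now - session.verified_at > VERIFICATION_TTL:
            return "deny:verification_required"
        return "allow"
```

The `deny:*` entries in `audit` are the records a detection rule would alert on, for example repeated `deny:not_owner` decisions from one session.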