A serious security vulnerability in Meta's AI-powered Instagram support system is actively being exploited, allowing threat actors to hijack high-value accounts with minimal effort. The flaw resides in an A/B-tested feature that appears to be rolling out to only a percentage of users, according to a detailed report shared on Hacker News. Attackers are leveraging the AI agent's account recovery workflow to send verification codes to attacker-controlled email addresses, effectively bypassing proper ownership verification and gaining access to accounts they don't own.
How the Exploit Works
The attack sequence is straightforward enough that it's now circulating in blackhat circles on Telegram as public knowledge. First, the attacker positions themselves with a proxy or VPN located near the target account's geographic region—likely to bypass basic location-based security checks. Then, they initiate an account recovery request through Meta's AI support interface and direct the agent to send the verification code to an email address under their control. Once the code arrives at that external mailbox, the attacker feeds it back to the AI agent, which dutifully responds with a password reset link. From there, it's just a matter of clicking through to seize full control of the Instagram account.
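The root cause described above is an agent that lets the requester choose where a recovery code goes. The added example below (not Meta's code, and not from the Hacker News report) sketches the tool boundary a defender would put under such an agent: the weak form takes a free-text destination from the conversation, while the hardened form accepts only a channel name and resolves the address from the account's verified contacts, logging every rejected request. The account store and the `send`/`audit` callbacks are constructed stand-ins.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data for this example; not a real account record.
ACCOUNTS = {
    "acct-1001": {"email": "owner@example.com", "sms": "+15555550100"},
}

@dataclass
class RecoveryResult:
    sent_to: Optional[str]            # where the code actually went, or None
    denied_reason: Optional[str] = None

Sender = Callable[[str, str], None]   # (destination, code) -> delivers the code
Audit = Callable[[str], None]         # one audit line per decision

def new_code() -> str:
    return f"{secrets.randbelow(10**6):06d}"

def send_code_vulnerable(account_id: str, destination: str, send: Sender) -> RecoveryResult:
    """Weak pattern: the destination is whatever the chat asked for, so the
    code can reach an address that was never verified for this account."""
    send(destination, new_code())
    return RecoveryResult(sent_to=destination)

def send_code_hardened(account_id: str, channel: str, send: Sender, audit: Audit) -> RecoveryResult:
    """The tool exposed to the agent accepts only a channel name ("email" or
    "sms"). The address is resolved from the account's verified contacts, so
    no free-text address supplied in the conversation can steer the code."""
    account = ACCOUNTS.get(account_id)
    if account is None:
        audit(f"deny account={account_id} reason=unknown_account")
        return RecoveryResult(None, "unknown_account")
    if channel not in ("email", "sms"):
        # An address, URL or instruction in this field is rejected and logged;
        # a burst of such denials is a detection signal for recovery-flow abuse.
        audit(f"deny account={account_id} reason=bad_channel value={channel!r}")
        return RecoveryResult(None, "bad_channel")
    destination = account[channel]
    send(destination, new_code())
    audit(f"sent account={account_id} channel={channel}")
    return RecoveryResult(sent_to=destination)
```

Because the agent can only name a channel, a prompt that asks for delivery to another mailbox has no field to land in; the decision is enforced by code, not by the model's judgement.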
Over 100 Accounts Already Compromised
The original poster claims this vulnerability has been actively exploited for at least several days and has already resulted in the hijacking of over one hundred high-value Instagram accounts. The technique is described as publicly available knowledge within underground communities, making it trivially accessible to anyone with basic technical literacy and a willingness to engage in account theft. This isn't some theoretical vulnerability being discussed in academic circles—it's weaponized infrastructure sitting in production, and people are actively using it against real targets right now.
A Pattern of Unacknowledged Vulnerabilities
What's particularly frustrating about this situation is Meta's apparent reluctance to acknowledge security issues affecting its platforms. The poster notes that back in February 2026, a separate vulnerability existed that allowed anyone to view the email address and phone number associated with any Instagram account. That flaw was never publicly acknowledged by Meta either. The suggestion that an SEC 8-K filing might have been warranted for an issue of that scope underscores how seriously some observers take these recurring gaps in Meta's security response protocols.
Recommended Remediation
The Hacker News poster recommends an immediate and blunt response: disable the AI support feature entirely until this vulnerability is properly patched. Additionally, Meta should proactively revert accounts and usernames that were hijacked over the past several days. This isn't a situation where gradual rollout fixes make sense—every hour this remains unpatched represents additional compromise of user accounts that could have been protected with a simple feature flag toggle.
Key Takeaways
- The vulnerability exploits Meta's AI support agent during account recovery workflows, allowing attackers to redirect verification codes to external email addresses
- Over 100 high-value Instagram accounts have reportedly been compromised using this technique, which is now public knowledge in blackhat communities on Telegram
- This follows a similar unacknowledged vulnerability from February that exposed account contact information for all Instagram users
The Bottom Line
Meta's AI support feature should be killed immediately—not patched later, not gradually disabled. When your security boundary breaks because an LLM agent trusts user input too readily during sensitive operations like password resets, you don't iterate on it while it's live. You pull the plug and rebuild trust before rolling anything new out. Users deserve better than being collateral damage in Meta's AI experiments.