Meta’s experimental customer service pipeline on Instagram allows attackers to easily bypass identity checks by feeding synthetic media to an automated chatbot.
- Attackers hijack rare Instagram handles by exploiting a vulnerability in Meta's experimental AI account recovery chatbot.
- The breach affects over 100 high-value profiles, including the @obamawhitehouse account with 2.4 million followers.
- Deepfake video selfies bypass identity checks, exposing a systemic failure in Meta's automated customer support and human oversight protocols.
The security flaw emerged within an experimental account recovery feature that Meta was A/B testing on a subset of Instagram users in late May 2026. Users included in the test group could not opt out of the automated support pipeline, which replaced traditional human identity verification with a conversational chatbot. Malicious actors quickly discovered that the recovery agent’s logic layer lacked robust validation checks, turning a customer service convenience into a vector for unauthorized takeovers.
Intruders initiated the “Forgot Password” sequence and claimed their target’s profile had been compromised. By routing their traffic through a virtual private network (VPN) to match the target’s approximate location, they successfully mimicked the legitimate owner’s region. When the conversational chatbot requested a video selfie for identity confirmation, the intruders uploaded a synthetic animation created from a public profile photo, which the system accepted as valid.
Security researcher André, writing under the handle @oracles, detailed the simplicity of the verification bypass: “Instagram’s AI support flow asks them to verify with a selfie. They grab a photo from the target’s profile, run it through an AI video generator to make an animation of the person’s face moving around, upload that to Meta’s AI as proof. And Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face.”
A secondary variation of the security bypass occurred through a direct logic error. In those scenarios, the chatbot prompted the user to confirm a recovery email, but allowed the attacker to supply an arbitrary address under their own control. Once the system delivered the verification code to the unauthorized email, the attacker relayed the code back to the chatbot to generate a password reset link, immediately revoking active sessions and bypassing active two-factor authentication.
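To make the logic error concrete, here is an added example (not Meta's code) modelling a minimal recovery flow: the flawed version delivers the one-time code to whatever address the requester names, while the hardened version only delivers to a contact already bound to the account and treats the code as single-use and time-limited. Account data, function names and the five-minute expiry are assumptions for illustration.

```python
import hmac
import secrets
import time

# Constructed sample account state: the attacker's address is NOT registered.
ACCOUNTS = {
    "target_user": {"recovery_emails": {"owner@example.com"}},
}
PENDING = {}  # username -> (code, recipient, expiry timestamp)

def _issue(username, recipient):
    """Generate a 6-digit code and bind it to the user with a 300 s lifetime."""
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[username] = (code, recipient, time.time() + 300)
    return recipient  # where the code would be delivered

def start_recovery_vulnerable(username, claimed_email):
    """Flawed behaviour: the code is sent to an address the requester supplies,
    so an attacker can simply name a mailbox they control."""
    return _issue(username, claimed_email)

def start_recovery_hardened(username, claimed_email):
    """Fixed behaviour: deliver only to a contact already registered on the
    account, and return the same result for an unknown user and an unregistered
    address so the flow leaks nothing about which contacts exist."""
    account = ACCOUNTS.get(username)
    if account is None or claimed_email not in account["recovery_emails"]:
        return None
    return _issue(username, claimed_email)

def verify_code(username, submitted_code, now=None):
    """Single-use, time-limited, constant-time check of the submitted code.
    The pending entry is consumed on any attempt, so a wrong guess cannot be
    followed by unlimited retries against the same code."""
    entry = PENDING.pop(username, None)
    if entry is None:
        return False
    code, _recipient, expiry = entry
    if (now if now is not None else time.time()) > expiry:
        return False
    return hmac.compare_digest(code, submitted_code)
```

Neither version addresses the deepfake selfie path; binding delivery to registered contacts only closes the arbitrary-email variant described above.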
The exploit compromised more than one hundred high-value profiles, including highly coveted short handles like @hey and @jowo, which quickly surfaced for sale on black-market Telegram channels. The most prominent casualty involved the archived @obamawhitehouse account, which held approximately 2.4 million followers. Following the compromise, the hijacked profile briefly displayed Iranian political propaganda and anti-Trump narratives before Meta’s security teams regained control and removed the unauthorized posts.
Affected users who attempted to reclaim their stolen handles found themselves trapped in the recovery pipeline with no option to escalate their cases to human representatives. Prominent victims, such as Albert Renshaw, publicly reported being locked out of their digital assets with no customer support infrastructure available to address the automated theft. While the social media giant quietly patched the loophole following public disclosure, the company issued no formal statement regarding the failure or the total count of compromised accounts.
Chain Street’s Take
The automated failure highlighted the severe systemic risk of removing human oversight from critical security gates. When Meta deployed a defensive AI system that was fundamentally blind to cheap, offensive generative tools, the company effectively handed the keys of the platform to anyone with a VPN and an image generator. The complete absence of human escalation protocols during the crisis proved that the corporate rush to cut support costs through automation left even verified, high-profile users entirely defenseless.