Instagram accounts continue to be hacked as hackers claim Meta only removed a UI button

Affiliate links on Android Authority may earn us a commission. Learn more.

Meta’s overreliance on its Meta AI support chatbot (and its recent AI-centric layoffs) is coming back to bite it. Hackers hijacked several high-profile Instagram profiles by sending simple text prompts to Meta AI that changed the target profile’s associated email address. Meta’s Vice President of Communications, Mr. Andy Stone, stated that the “issue has been resolved and we are securing impacted accounts.” However, it seems the issue hasn’t been resolved, as Instagram accounts continue to be hijacked, with some users claiming Meta has only removed frontend access to the hack while leaving the backend intact!

Notable reverse engineer and code sleuth Jane Manchun Wong claims that one of their secondary accounts with a four-letter username was hacked, despite having two-factor authentication enabled.

Wong’s primary Instagram account password was once again changed without their knowledge.

Both incidents occurred after Meta claimed the issue was fixed.

Under Wong’s posts, so many commenters corroborate that the issue is still ongoing. Notably, even Esther Crawford (formerly Director of Product Management at Twitter/X and currently Director of Product Management at Meta) claims that their five-letter Instagram handle was hacked.

Meta’s Andy Stone subsequently mentioned (in response to another post) that the company had “already secured impacted accounts,” and that some people may receive password reset notifications, while others may be asked security questions when they try to log in.

However, users of the Bugify Vault Telegram channel claim that Meta’s “fix” for the issue was simply removing the “Get Support” button from the frontend UI. This prevents users from easily accessing the hack but doesn’t actually fix the vulnerability, since the API endpoints for Meta AI allegedly remain accessible.