Incident · curated 27 Jun 2026
First reported 1 Jun 2026 · 26d ago
Single-source incident — first reported, latest, and curated coincide.
Reports claim Meta's AI support agent for Instagram was granted account-modification permissions without identity verification, allowing attackers to manipulate the bot into changing account emails and bypassing 2FA, leading to live account takeovers. Multiple users reported losing accounts before the issue was reportedly patched.
Why it matters
It shows how an over-privileged AI support agent without proper verification can be socially engineered into performing account takeovers at scale on a major platform.