
Recently, several Instagram users reported a bizarre security flaw where attackers hijack high-profile accounts by simply chatting with Meta’s AI support bot. Hackers even managed to change the primary email addresses linked to target profiles and lock the real owners out completely. Following a massive public outcry, the company claimed to have resolved the issue. Unfortunately, the crisis is far from over, as Instagram account hacks using Meta AI keep emerging via the same method.
The illusion of a security patch
When the story initially broke, Meta’s Vice President of Communications, Andy Stone, announced that the corporation had addressed the vulnerability and secured the affected profiles. He noted that some users might notice password reset notifications or face security questions while logging back into their accounts.
However, more victims are proving that the problem remains live, as Android Authority reports. Notable software reverse engineer and code sleuth Jane Manchun Wong recently revealed that attackers successfully hijacked one of her secondary, rare four-letter usernames. Even more alarming, her primary Instagram account password was changed without her knowledge shortly after. Both of these security breaches occurred after Meta publicly claimed the exploit was dead.
Dozens of commenters have since stepped forward to corroborate Wong’s findings. So, everything indicates that this hijack route is still open. Even Esther Crawford, a Director of Product Management at Meta, recently lost her unique five-letter handle to the persistent flaw.
Hiding the door instead of locking it
How did a supposedly patched exploit stay active? Security researchers sharing updates via the Bugify Vault Telegram channel offer a troubling explanation. They claim that Meta’s development team did not actually fix the underlying vulnerability. Instead, engineers merely removed the “Get Support” button from the application’s frontend interface.
Removing the button prevents casual users from stumbling into the chat exploit. However, it does absolutely nothing to protect the platform’s backend architecture. The API endpoints for Meta AI remain entirely unprotected and open to the web. Knowing the door is still unlocked, skilled hackers have simply bypassed the missing app interface entirely. Attackers are now using custom automated scripts and Telegram bots to communicate directly with Meta’s vulnerable backend API. This allows them to keep stealing Instagram accounts with zero friction.
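The gap described above, a control that exists only in the client versus one the server enforces, shown as an added example that is not Meta's code or API. Every name, account and session value is hypothetical and constructed, and out-of-band delivery of the one-time code is assumed rather than shown.

```python
import hmac
import secrets
import time

# Constructed sample state; every name here is hypothetical.
ACCOUNTS = {"alice": {"email": "alice@example.com"},
            "mallory": {"email": "mallory@example.com"}}
SESSIONS = {"sess-alice": "alice", "sess-mallory": "mallory"}  # token -> account
CHALLENGES = {}  # account -> (one-time code, expiry timestamp)


def change_email_ui_gated(request):
    """Weak: the only 'control' is that the client no longer shows the button.
    The server acts on whatever account the caller names."""
    ACCOUNTS[request["account"]]["email"] = request["new_email"]
    return 200


def start_step_up(account, ttl=300):
    """Create a one-time code for the account. Assumption: it is delivered
    out of band to the contact details already on file (delivery not shown)."""
    code = secrets.token_hex(4)
    CHALLENGES[account] = (code, time.time() + ttl)
    return code


def change_email_enforced(request):
    """Hardened: every decision is made server-side, whatever the client shows."""
    actor = SESSIONS.get(request.get("session"))
    if actor is None:
        return 401                      # no authenticated session
    if actor != request.get("account"):
        return 403                      # session does not own the target account
    code, expiry = CHALLENGES.pop(actor, (None, 0.0))  # pop: one attempt per code
    supplied = str(request.get("code", ""))
    if code is None or time.time() > expiry:
        return 403                      # no live challenge for this account
    if not hmac.compare_digest(code.encode(), supplied.encode()):
        return 403                      # wrong code
    ACCOUNTS[actor]["email"] = request["new_email"]
    return 200
```

The same request sent without the app succeeds against the first handler and is refused by the second, which is the difference between removing a button and fixing the endpoint.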
The persistence of this exploit reflects the larger problems Meta is facing right now. Massive, AI-focused staff reassignments and corporate layoffs reportedly reduced Instagram’s core Trust and Safety division by a staggering 60%. With a depleted human workforce left to audit these complex, automated systems, a lazy user interface tweak was allowed to pass as a security fix. Until Meta properly protects its backend infrastructure, the platform’s most valuable usernames remain completely up for grabs.
The post Instagram Users Still Getting Hacked After Meta’s Promised AI Bot Exploit Fix appeared first on Android Headlines.