Instagram Account Hijack Investigation

Consumer Protection, Data Breach, Deceptive Trade Practice

By: Anish Amin

Migliaccio & Rathod LLP is investigating reports that certain Instagram users may have had their accounts improperly accessed or hijacked through an alleged security vulnerability involving Meta’s AI-powered support systems.

Recent public reports and user complaints suggest that hackers may have been able to manipulate Meta’s AI support chatbot into granting unauthorized password-reset access to Instagram accounts without first compromising the legitimate account holder’s email address. Security researchers and users allege that attackers were able to add unauthorized email addresses to accounts and reset passwords through interactions with Meta’s automated support tools.

The investigation is examining whether Meta adequately secured its account-recovery systems and whether affected users were provided sufficient safeguards against unauthorized account access.

Potentially Affected Accounts

Potentially impacted accounts may include:

  • personal Instagram accounts;
  • creator and influencer accounts;
  • business or organizational Instagram accounts;
  • verified Instagram profiles;
  • legacy or inactive Instagram accounts.

Alleged Common Problems

Users have reported:

  • unauthorized password-reset attempts;
  • account email addresses allegedly changed without authorization;
  • complete loss of access to Instagram accounts;
  • suspicious login activity;
  • inability to recover compromised accounts;
  • disruption to business, creator, or personal account activity;
  • loss of account content, followers, or communications.

AI Support & Security Concerns

Public reporting has suggested that attackers may have exploited weaknesses in Meta’s AI-powered support and account-recovery systems to improperly gain access to user accounts. The investigation is examining whether Meta implemented adequate verification procedures before allowing account modifications or password resets through automated support tools.

The investigation is also examining whether Meta provided timely notice, effective recovery assistance, and sufficient account protections for affected users.

Consumer Protection & Data Privacy Considerations

The investigation is examining whether the alleged conduct may violate consumer-protection statutes, privacy laws, data-security obligations, or other legal duties relating to account security and unauthorized access prevention.

Contact

If your Instagram account was taken over, locked, or accessed without authorization and you believe the incident may have involved Meta’s support or account-recovery systems, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520.

    Your Name (required)

    Your Email (required)