For Malaysians who run a side business out of an Instagram DM, the weekend's news lands harder than the usual phishing alert. The route attackers used to take over Instagram accounts had nothing to do with weak passwords or recycled emails. They asked Meta's own AI helpdesk to do the work for them, and it did.
Instagram has since fixed the gap. The harder question is what it says about the trust we extend to AI support chatbots that sit between us and the platforms we depend on.
Editor: Kai T
How the Hack Worked
TechCrunch's Lorenzo Franceschi-Bicchierai reported on 1 June that Instagram had quietly patched a flaw in the way Meta AI Support Assistant handled account-recovery requests. Over the weekend, posts on Reddit and X surfaced multiple takeovers, including the dormant Instagram handle once used by the Obama White House and the account of the US Space Force's chief master sergeant, John Bentivegna. Security researcher Jane Wong said on X that her own Instagram account had been hijacked the same way, with password-reset emails arriving without her input.
A video circulating on X laid out the recipe step by step. The attacker first used a VPN to spoof the target's usual location, which kept Instagram's automated location checks quiet. The attacker then opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target's account. The chatbot complied, sending a verification code straight to the attacker-controlled inbox. TechCrunch verified the code did arrive in the public mailbox shown in the video. At no point did the attacker need access to the original email address linked to the account.

On Monday, Instagram spokesperson Andy Stone replied to Wong's thread saying the issue was now fixed. Meta did not respond to TechCrunch's request for comment, and neither Meta nor Instagram has said how many accounts were taken over while the gap was open.
What This Means for Malaysian Users
Instagram in Malaysia is not a side platform. DataReportal's April 2026 snapshot puts the country at 16.7 million Instagram users, roughly 46.9 per cent of the population. Women make up 54.5 per cent of that base. The 25-to-34 cohort is the single largest at 6.3 million. For a creator, a beauty brand, or a roti-canai stall that runs orders through DMs, the account is the business. A 30-minute takeover window is a takeover of the cash flow.
The legal exposure for any Malaysian business that holds customer data in those DMs changed last year. Under the amended Personal Data Protection Act that took effect on 1 June 2025, a data controller must notify the Personal Data Protection Commissioner within 72 hours and affected users within seven days of any breach that causes "significant harm". The Commissioner's guideline lists financial loss, identity theft, reputational damage, and loss of access to essential services as examples. An account hijack ticks several at once. Failure to notify carries a fine of up to RM250,000 and up to two years' imprisonment.

What the PDPA does not reach is Meta itself, since the breach was on a foreign platform's infrastructure, not on a locally incorporated controller. The regulator clock starts only for the Malaysian business that processed customer data through the hijacked account. In practice, the harder consequence still lands on the operator directly: a flooded enquiries inbox, a missed Shopee Live slot, an influencer who suddenly cannot prove that the handle is hers.
The Pattern Keeps Repeating
This is the third AI-agent-as-attack-surface story Productnation has covered in two weeks. In late May we wrote up the single-character flaw in the Starlette framework that turned every FastAPI agent into an authentication-bypass target. Days later came a phishing wave aimed at Signal's Secure Backups recovery keys. The Meta AI takeover is a third version of the same idea. Each new layer of AI convenience around an account is a fresh layer to subvert.
For Malaysian teams now shipping support chatbots on top of Llama, Gemini, or Claude, the lesson is concrete: any action that can change an account's contact details should demand a human-confirmable second factor on the original device, not on a "new" one the chatbot has been asked to remember. Logging the prompt is not the same as logging the consent.
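One way to enforce that rule in a chatbot's tool layer, as an added example that is not Meta's code and not taken from the reporting: `weak_gate` mirrors the flow the page describes (proof of control goes to the address being added), while `request_change` and `approve` bind the change to a device the account already trusts and record consent separately from the prompt. All names, accounts and device IDs are hypothetical and constructed for the example.

```python
# Hypothetical step-up gate for an AI support assistant's account-mutating tool calls.
from dataclasses import dataclass, field
import secrets

SENSITIVE = {"add_email", "change_phone", "reset_password"}   # actions that touch recovery paths

@dataclass
class Account:
    user_id: str
    emails: list                    # already-verified contact addresses
    devices: set                    # enrolled devices (logged in, 2FA passed)
    pending: dict = field(default_factory=dict)
    prompt_log: list = field(default_factory=list)
    consent_log: list = field(default_factory=list)

def weak_gate(acct, new_email):
    """The pattern the incident exposed: the verification code is delivered to the
    address being added, so whoever typed that address into the chat can complete it."""
    return {"deliver_to": [new_email], "code": secrets.token_hex(3)}

def request_change(acct, action, params, prompt):
    """Hardened tool entry point: record the prompt, never apply a sensitive change
    directly, and route the challenge only to factors the account already trusts."""
    acct.prompt_log.append(prompt)          # evidence of a request, not of consent
    if action not in SENSITIVE:
        return {"status": "applied"}
    if not acct.devices:                    # nothing to bind consent to: human review
        return {"status": "denied", "reason": "no enrolled device"}
    cid = secrets.token_urlsafe(16)
    acct.pending[cid] = (action, dict(params))
    return {"status": "pending", "challenge": cid, "deliver_to": sorted(acct.devices)}

def approve(acct, cid, device_id):
    """Apply the pending change only if an enrolled device approves this exact challenge."""
    entry = acct.pending.pop(cid, None)     # single use, consumed even on a failed attempt
    if entry is None or device_id not in acct.devices:
        return False
    action, params = entry
    if action == "add_email":
        acct.emails.append(params["email"])
    acct.consent_log.append({"action": action, "params": params, "approved_by": device_id})
    return True

if __name__ == "__main__":
    acct = Account("u1", ["owner@example.com"], {"dev-owner"})
    r = request_change(acct, "add_email", {"email": "new@example.net"}, "add my new email")
    print("challenge routed to", r["deliver_to"], "not to the new address")
    print("approval from an unknown device accepted:", approve(acct, r["challenge"], "dev-stranger"))
```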
What to Do This Week
For individual users, the cheap fix is to turn on two-factor authentication via an authenticator app rather than SMS, and to add a passkey if the account does not have one yet. For SMEs running customer service through Instagram, it is worth checking whether the DMs and contact details fall under a PDPA-relevant business process, and whether a written notification template exists for the 72-hour clock. Instagram has closed this specific gap. The bigger list of things its AI Support Assistant can do on a user's behalf without a verification step has not been published, and that is the one to keep watching.
Sources: TechCrunch reporting by Lorenzo Franceschi-Bicchierai (1 June 2026); DataReportal Digital 2026 Malaysia; Personal Data Protection Commissioner Malaysia Guideline on Data Breach Notification, 2025.