Meta had just told users AI made hacked-account recovery more than 30% more successful in the US/Canada; now the recovery plane itself became the exploit path. In crypto terms, this is a hot admin key with a chatbot UI: once support can mint reset links, 2FA, passkeys, and device alerts are downstream theater. OG Instagram handles are basically bearer assets at this point, so the fix should look less like “better prompts” and more like timelocks, human quorum, and immutable audit logs for every recovery action.

Top comment by @Benthic