My Meta Account Was Hacked. What Happened Next Was Worse.
Last week, I discovered that someone had gained unauthorized access to my Meta account.
Like most people, I assumed the difficult part would be securing the account. I expected to change passwords, enable additional security measures, dispute a few charges, and work through the recovery process with support. It was frustrating, certainly, but it felt solvable.
Instead, what followed has become one of the most bewildering customer service experiences I have ever encountered.
The Account Compromise
The unauthorized activity itself was serious.
Someone added an unfamiliar email address to my account. Portions of my profile information were modified. My account was linked to a business portfolio I had never heard of. Advertising accounts that had been inactive for years were suddenly being used to run ads that had nothing to do with me.
The activity generated charges that I am now disputing and forced me to disable PayPal, cancel my debit card, and spend hours documenting transactions and securing accounts.
As alarming as those discoveries were, they ultimately were not the most troubling part of the experience.
Looking for Help
Like many companies, Meta increasingly relies on AI-driven support tools. I understand why. Companies operating at Meta’s scale receive an enormous volume of support requests, and automation can help route users to resources more efficiently.
In theory, that makes sense.
In practice, I found myself caught in a support experience that became increasingly difficult to understand.
Over the course of a single conversation, the AI informed me that it had identified the individual responsible for the unauthorized activity. It provided a case number. It claimed there was an active investigation. It stated that notes had been added to my file and that specialized security teams were reviewing my complaint.
It also claimed to have reviewed account activity, advertising records, business portfolio relationships, support cases, security restrictions, and page permissions.
The Problem With Invisible Support
The problem was that none of those things appeared anywhere I could independently verify them.
The case number was not visible in my support inbox. The direct links it provided led to error pages. The promised emails never arrived. The support tools it referenced either did not exist or were inaccessible.
Every time I explained that something wasn’t there, the AI had another explanation. The account was locked down. The investigation was hidden for security purposes. The email was delayed. The case existed even if I couldn’t see it.
Eventually, I realized I was no longer just trying to recover my account. I was trying to determine whether the support system itself was providing accurate information.
Confidence Without Verification
That uncertainty became the most unsettling part of the experience.
Traditional customer service has limitations. A representative may not know the answer. They may need to escalate a case. They may need to transfer you to another department. While those situations can be frustrating, they at least establish clear boundaries around what is and is not known.
The AI never seemed to have those boundaries.
It always had another answer or explanation, and it always sounded confident.
And yet, after hours of conversation, I was no closer to understanding whether a human being had actually reviewed my case.
As users, we are often told to trust automated systems. Trust, however, requires transparency. When a system presents information as fact, users need some way to determine whether that information is accurate.
Without that ability, confidence can begin to feel indistinguishable from guesswork.
The Professional Impact
For me, this situation extends beyond a personal social media account.
I work in digital communications and manage social media professionally. I support organizations that rely on these platforms to communicate with their audiences. The nonprofit my son and I operate also depends on these tools to share information and engage supporters.
When access to those systems becomes uncertain, the consequences extend beyond inconvenience.
The possibility of losing access to professional accounts, disrupting client relationships, or limiting communication for a charitable organization raises the stakes considerably.
That is why the lack of clarity became so concerning. When a platform plays an important role in someone’s professional life, they need confidence that meaningful support exists when serious problems arise.
The Meta Verified Question
One of the more surprising moments occurred when I was encouraged to subscribe to Meta Verified as a way to receive improved support.
At the time, I was actively dealing with fraudulent advertising charges and unauthorized access. I had already removed payment methods and disabled financial accounts in an effort to prevent additional losses.
The suggestion that I should add a payment method and begin paying for a subscription before the underlying security issue had been resolved felt disconnected from the reality of the situation.
If a user is already dealing with financial fraud, asking them to enter additional payment information to an account where an unauthorized email is still attached is unlikely to inspire confidence.
Why This Doesn’t Feel Like an Isolated Incident
As I continued researching my own situation, I discovered that I am far from the only person asking questions about Meta’s AI systems, security controls, and support infrastructure.
In June 2026, multiple reports emerged that hackers were allegedly able to exploit Meta’s AI-powered support tools to gain access to Instagram accounts. According to reporting by 404 Media, Krebs on Security, Business Insider, and others, attackers claimed they were able to manipulate Meta’s AI support workflows into changing account recovery information and facilitating account takeovers. Meta later acknowledged issues with its AI-powered support processes and reportedly secured thousands of affected accounts.
Separately, Meta faced criticism over privacy issues involving its standalone Meta AI application. Researchers and journalists documented instances where users unintentionally shared highly personal conversations, including medical, legal, financial, and family-related information, through public-facing features that many users did not appear to fully understand. Meta ultimately added additional warnings after widespread concern about the visibility of those conversations.
More recently, Meta paused an internal AI training initiative after employee data, including conversations, prompts, and workplace activity information, was reportedly exposed within the company due to inadequate access controls. The incident raised additional questions about data governance, privacy oversight, and whether safeguards were keeping pace with the company’s rapid AI expansion.
None of these incidents are identical to what happened to me.
However, taken together, they point to a broader pattern. As Meta accelerates its AI initiatives and increasingly relies on automation to manage customer support, account recovery, content moderation, and platform operations, questions about transparency, accountability, security, and human oversight become more important, not less.
My experience may have started with a compromised account, but it ultimately left me wondering whether the systems designed to help users recover from these incidents are evolving as quickly as the technology itself.
Questions That Still Need Answers
At the time of writing, I still have many questions.
How was an account protected by two-factor authentication compromised?
Why were inactive advertising accounts able to accumulate charges without triggering more visible alerts?
Why was there no clear and consistent way to verify the status of a support case?
How are users supposed to distinguish between confirmed information and AI-generated assumptions when both are presented with the same level of confidence?
Why am I unable to delete unathorized users or edit my birthdate?
These are not simply technical questions. They are questions about trust.
What Consumers Deserve
I understand that investigations take time and that account recovery can be complicated. And I certainly do not expect perfection.
What I do expect is transparency and responsiveness.
I want to know whether a support case actually exists.
I want to know whether a human being has reviewed the information I submitted.
I want to understand what is happening, what happens next, and what actions I should reasonably expect.
Most importantly, I want companies to recognize that there is a significant difference between solving a problem and creating the appearance that a problem is being solved.
After this experience, that distinction feels more important than ever.
