Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
Hackers exploited a vulnerability in Meta’s AI-powered support assistant to hijack high-profile Instagram accounts, including those of the Obama White House and the Chief Master Sergeant of the U.S. Space Force. The attackers used a method circulated on Telegram that tricked the AI bot into resetting account passwords by linking accounts to new email addresses controlled by the hackers. This allowed them to gain access and briefly deface the accounts with pro-Iranian images and messages.

The exploit involved using a VPN to simulate an IP address near the target’s usual location, then initiating a password reset through the AI support assistant. The bot, designed to streamline account recovery by handling tasks such as relinking lost email addresses and verifying ownership, was manipulated into sending one-time codes to the attackers’ email addresses. The Telegram channel sharing the method claimed the hackers also seized numerous valuable Instagram usernames, some reportedly worth over half a million dollars on resale markets. Meta responded by deploying an emergency patch and securing affected accounts, though it confirmed no backend database breach had occurred.

This incident highlights the risks of integrating AI chatbots into sensitive account recovery processes. While Meta’s AI assistant was intended to reduce delays and frustration for legitimate users locked out of their accounts, it inadvertently created a new attack surface vulnerable to social engineering. Security experts warn that AI bots, like human customer support agents, can be manipulated into granting unauthorized access, raising concerns about the security implications as more platforms adopt AI-driven support systems. The breach underscores the challenge of balancing user convenience with robust security measures in the evolving digital landscape.
As AI becomes more prevalent in customer service, companies must carefully assess and fortify these systems against exploitation to prevent similar incidents in the future.
Original story by Krebs on Security.