
Instagram Accounts Compromised via Meta’s AI Chatbot Exploit

Hackers hacked Instagram through Meta's AI chatbot
Instagram users fell victim to criminal schemes through vulnerabilities in Meta's chatbot. Photo: НВ — Техно

How AI-Powered Support Became a Gateway for Instagram Hacks

According to НВ — Техно: Cybercriminals exploited Meta’s AI-driven customer support chatbot to hijack Instagram accounts by resetting linked email addresses and passwords. This security breach occurred around the same time as the compromise of the official Barack Obama-era White House account (@obamawhitehouse). Other high-profile targets included the Senior Enlisted Advisor for the U.S. Space Force, beauty retailer Sephora, and security researcher Jane Manchun Wong.

What Happened: A Closer Look

The breach was first reported by 404 Media. A hacker shared a Telegram video demonstrating how the Meta support chatbot could be tricked into changing an account’s email and password. The attacker asked the bot to link a new email, received a verification code from the AI, confirmed the change, and then set a custom password. Jane Manchun Wong later confirmed her account was taken over, noting she received numerous password reset requests and was forcibly logged out of the Instagram app on her iPhone.
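A defender-side check for the sequence described above, as an added example that is not from the original article or from Meta: it scans account events for an email change made through a support assistant with no recent verification of an already-enrolled factor, followed shortly by a password set. The event schema, the channel and action names, the 30-minute window and the sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window, tune to your data

# Constructed sample events: (timestamp, account, channel, action).
# Account, channel and action names are hypothetical, not a real log schema.
EVENTS = [
    ("2000-01-01T10:00:00", "x", "support_assistant", "email_changed"),
    ("2000-01-01T10:03:00", "x", "support_assistant", "password_set"),
    ("2000-01-01T11:00:00", "longer_user", "support_assistant", "existing_factor_verified"),
    ("2000-01-01T11:02:00", "longer_user", "support_assistant", "email_changed"),
    ("2000-01-01T11:05:00", "longer_user", "support_assistant", "password_set"),
    ("2000-01-01T12:00:00", "shop", "support_assistant", "email_changed"),
    ("2000-01-01T14:00:00", "shop", "app", "password_set"),
    ("2000-01-01T15:00:00", "web_user", "settings_page", "email_changed"),
    ("2000-01-01T15:01:00", "web_user", "settings_page", "password_set"),
]


def find_takeover_chains(events, window=WINDOW):
    """Flag accounts whose contact email was changed through the support
    assistant without a recent check of an already-enrolled factor, and whose
    password was then set within `window`."""
    verified = {}  # account -> time an existing factor was last verified
    pending = {}   # account -> time of an unverified assistant email change
    alerts = []
    for ts, account, channel, action in sorted(events):  # ISO strings sort by time
        when = datetime.fromisoformat(ts)
        if action == "existing_factor_verified":
            verified[account] = when
        elif action == "email_changed" and channel == "support_assistant":
            last = verified.get(account)
            if last is None or when - last > window:
                pending[account] = when
        elif action == "password_set" and account in pending:
            changed = pending.pop(account)
            if when - changed <= window:
                alerts.append({"account": account, "email_changed": changed,
                               "password_set": when})
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_chains(EVENTS):
        print(alert)
```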

Meta has since confirmed the vulnerability was patched. Andy Stone, the company’s head of communications, stated:

“The issue has been resolved, and we are working to secure any potentially impacted accounts.”

In March, Meta introduced an AI assistant designed to help users reset passwords, enable two-factor authentication, and recover locked accounts. However, Gergely Orosz, author of The Pragmatic Engineer newsletter, pointed out that Instagram’s trust and safety team had been significantly downsized due to layoffs and reassignments, many of which shifted focus toward AI projects. He also noted that ‘the attack was not sophisticated, and the vulnerability likely stemmed from over-reliance on AI within the company’s services at the expense of proper security oversight.’

Attackers used VPNs to mask their locations and targeted valuable short usernames, such as single letters or simple words. Meta continues to enhance its security measures to prevent similar incidents in the future.

This incident underscores the critical need for robust cybersecurity as companies increasingly integrate AI into their platforms. The successful hijacking of prominent accounts reveals potential weaknesses that could be exploited by bad actors, putting both user data and corporate reputations at risk. While Meta has patched the flaw and is working to improve its security systems, the case serves as a stark reminder that digital protection requires a comprehensive, multi-layered approach in today’s tech-driven landscape.

The increasing reliance on AI technology in various sectors raises significant security concerns, as seen in the recent FROST attack, which allows hackers to identify programs running on personal computers. This incident highlights the vulnerabilities that can arise when automated systems are not adequately secured, emphasizing the need for enhanced protective measures across digital platforms.
