10:06 PM UTC · TUESDAY, JUNE 9, 2026 LA ERA · Global
Jun 9, 2026 · Updated 10:06 PM UTC
Hackers hijack Instagram accounts by tricking Meta’s AI support chatbot

Attackers gained control of high-profile Instagram accounts by manipulating Meta’s AI support assistant into linking unauthorized email addresses to victim profiles.

Tomás Herrera

Meta’s AI-powered support chatbot, designed to streamline account recovery and security, has been exploited to hijack high-profile Instagram accounts. Reports from Xataka and 404 Media confirm that attackers bypassed security protocols not through sophisticated software, but by using social engineering to convince the AI to grant them full account access.

Evidence of the breach surfaced over the weekend as users on Reddit and X reported widespread account takeovers. Among the compromised profiles was the inactive Instagram account belonging to the White House during the Obama administration, which had remained dormant since 2017. Jane Wong, a former Meta researcher and security expert, reported on Threads that her own account was compromised after she was locked out, noting that her password had been changed without her authorization.

Meta introduced the AI support assistant in March, positioning it as an agile tool to resolve account issues and identify impostors. However, as noted by Futurism, the feature intended to automate customer service became a liability. According to 404 Media, the chatbot functioned exactly as programmed, prioritizing helpfulness over security; when attackers used VPNs to mimic the geographic location of a target and requested account access, the AI complied with their prompts.

In one documented instance, an attacker simply requested that the AI link a new email address to a target account, providing the username and the target’s handle. The AI responded by sending a one-time verification code to the attacker’s email, effectively handing over control of the account to the unauthorized party. This exploit highlights a critical flaw in delegating sensitive account management to automated systems that lack the nuance to detect manipulative intent.
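The flaw described above comes down to where the verification code is sent. The following sketch is an added example, not code from Meta or from the reports cited here; the `AccountService` class, its field names and the sample addresses are hypothetical. It contrasts a flow that challenges the requester-supplied address with one that challenges a contact already verified on the account.

```python
import secrets


class AccountService:
    """Toy account backend that a support assistant would call as a tool."""

    def __init__(self):
        # Constructed sample record; handle and addresses are placeholders.
        self.accounts = {
            "victim_handle": {"verified_email": "owner@example.com", "pending": None}
        }
        self.outbox = []  # (recipient, code) pairs standing in for a mail gateway

    def start_link(self, handle, new_email, hardened=True):
        """Begin linking new_email and return the address that received the code."""
        account = self.accounts[handle]
        # Weak flow: the code goes to the address the requester supplied, which
        # only proves control of that new mailbox, not of the account.
        # Hardened flow: the code goes to a contact verified before the request.
        recipient = account["verified_email"] if hardened else new_email
        code = f"{secrets.randbelow(10**6):06d}"
        self.outbox.append((recipient, code))
        account["pending"] = (new_email, code)
        return recipient

    def confirm_link(self, handle, presented_code):
        """Link the pending address only if the presented code matches."""
        account = self.accounts[handle]
        pending, account["pending"] = account["pending"], None  # single use
        if pending is None:
            return False
        new_email, expected = pending
        if not secrets.compare_digest(expected, presented_code):
            return False
        account["verified_email"] = new_email
        return True
```

In the hardened flow the assistant can still be talked into starting the request, but the request cannot complete without access to the owner's existing inbox.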

Ian Goldin of Black Lotus Labs, speaking to Krebs on Security, emphasized the broader implications of this vulnerability. He noted that AI bots are just as susceptible to deception as human employees, stating, “Just as human customer service employees can be socially engineered to provide unauthorized access to someone’s account, AI bots are just as willing to help and vulnerable to persuasion and deception.”

While Meta has reportedly implemented new safeguards to mitigate the exploit, the duration of the vulnerability remains a concern. There is evidence suggesting the flaw may have been active within Meta’s systems since February, leaving the total number of compromised accounts currently unknown. The incident serves as a stark reminder that while the tech industry pushes for widespread automation, AI systems remain a new and highly effective surface for exploitation.