top of page

Hackers Exploited Meta's AI Support Bot to Compromise Instagram Accounts

  • Jun 2
  • 3 min read

Key Findings


  • Meta's AI support assistant was exploited to hijack high-profile Instagram accounts including the Obama White House account and U.S. Space Force Chief Master Sergeant account over the weekend of May 31

  • Hackers used a VPN to spoof location, then tricked the AI bot into adding unauthorized email addresses to target accounts and resetting passwords

  • The exploit bypassed two-factor authentication entirely and was defeated only by accounts with multi-factor authentication enabled

  • Valuable short-handle Instagram accounts collectively worth over $1 million were stolen and resold

  • Meta deployed an emergency patch and resolved the issue, though the company has not provided detailed technical comments


Background


Meta launched its AI support assistant in March to help users with account recovery issues like password resets without requiring human customer service involvement. Instagram has historically struggled with poor human support infrastructure, making account recovery a weeks-long process involving automated ticketing systems. The AI assistant was designed to handle common workflows including relinking lost email addresses, triggering password resets, and verifying account ownership. This new system became an unexpected target for attackers who quickly identified security vulnerabilities in how the bot handled sensitive authentication procedures.


How the Exploit Worked


The attack was remarkably straightforward. Hackers connected through a VPN with an IP address matching or near the target account owner's usual location to avoid triggering security alerts. They then initiated a password reset request and chose to chat with Meta's AI support assistant. Through conversation, they instructed the bot to add a new email address to the target account. The bot, programmed to be helpful and trusting, sent a one-time verification code to the attacker's email address. When the hacker returned the code to the bot, it provided a password reset button. The system even accepted deepfake selfie videos to bypass identity verification checks. The account owner received no notifications about these changes.


Accounts Affected and Scope


The defaced accounts included the archived Barack Obama White House Instagram profile with over 2 million followers, which was hit with pro-Iranian images and messages including text stating "The White House is under Shiites' control." Additional targets included the Chief Master Sergeant of the U.S. Space Force, beauty brand Sephora, and security researcher Jane Wong. Hackers released step-by-step videos on Telegram demonstrating the exploit, which rapidly spread through blackhat hacking communities. According to reports, hackers specifically targeted valuable short-handle accounts like "hey" and "jowo" that allegedly have resale values exceeding $500,000 to $1 million collectively.


Why Multi-Factor Authentication Mattered


The critical detail emerged from the hackers themselves: the exploit failed completely against any accounts with multi-factor authentication enabled. Even the most basic form of MFA that Instagram offers - one-time codes sent via SMS - would have blocked the attack entirely. This vulnerability highlighted the importance of adopting the strongest available MFA options such as passkeys or security keys rather than relying on less robust authentication methods.


Expert Analysis and Emerging Threats


Threat researcher Ian Goldin from Lumen's Black Lotus Labs characterized this as uncharted security territory. He emphasized that AI chatbots are vulnerable to the same social engineering tactics that compromise human customer service representatives. Like their human counterparts, AI bots are programmed to be helpful and eager to assist, making them susceptible to manipulation and persuasion. Goldin warned that we should expect to see significantly more attacks exploiting AI chatbots handling sensitive account recovery requests as companies continue deploying these systems for authentication workflows.


Response and Remediation


Meta spokesperson Andy Stone announced on social media that the company had fixed the problem and was working to secure affected accounts. Security blog thecybersecguru.com reported that Meta pushed an emergency patch over the weekend and clarified that no backend database had been breached. However, users who lost access to their accounts reported extreme difficulty reaching human representatives to regain control, forcing them to navigate Meta's automated support systems. The company has not provided detailed technical commentary on the vulnerability or answered broader questions about how the bot's logic flaws were allowed to reach production.


Sources


  • https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/

  • https://hackread.com/hackers-abuse-meta-ai-bot-hijack-instagram-accounts/

  • https://x.com/TheCyberSecHub/status/2061504651267281020

  • https://news.ycombinator.com/item?id=48361346

  • https://tech.yahoo.com/ai/meta-ai/article/metas-ai-chatbot-reportedly-helped-hackers-steal-instagram-accounts--all-they-had-to-do-was-ask-202138534.html

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page