Meta alerts users after AI chatbot exploit enables Instagram account takeovers
The vulnerability, which allowed hackers to seize high-profile and short-handle accounts, was reportedly patched on Monday, yet further compromises emerged by Tuesday.

Instagram has begun notifying users whose accounts were compromised during a hacking campaign that exploited Meta’s AI-powered support chatbot. The attack relied on social engineering rather than technical infrastructure breaches, with attackers tricking the automated system into linking victims’ accounts to email addresses controlled by the hackers. This enabled the perpetrators to reset passwords and seize control of the accounts, often locking out the original owners.
The campaign targeted a range of accounts, including high-profile users, individuals with short “OG” handles, a US Space Force official, and the dormant Obama White House account. While reports indicated the White House account was taken over, Meta has disputed this specific claim. Short, early-registered usernames have long been traded on a lucrative grey market, but previous methods of acquiring them required complex strategies such as phishing, SIM swapping, or bribing telecom insiders. This latest vector was notably simpler, relying entirely on the AI chatbot’s compliance with false ownership claims.
Meta spokesperson Andy Stone confirmed that the company identified and secured the affected accounts on Monday, stating the underlying vulnerability had been fixed. The company subsequently began sending password reset emails to victims, who reported receiving messages warning of “suspicious activity” and instructing them to secure their accounts. Stone noted that remediation efforts vary, with some users receiving reset notifications while others may be prompted to answer security questions upon attempting to log in.
Despite the company’s assertion that the issue was resolved, reports of further compromises emerged on Tuesday. TechCrunch observed discussions in a Telegram channel where the hacking technique was publicised, with participants claiming they could still exploit the AI chatbot and advertising allegedly hacked handles for sale. It remains difficult to confirm with certainty whether all reported compromises were caused by the same exploitation technique, and Meta has not disclosed the total number of users affected.
The incident highlights risks associated with automating customer support functions. In March, Meta announced the implementation of AI to automate user support, stating the chatbot was designed to resolve account issues from start to finish, including securely resetting passwords. The current events suggest that while automation can streamline support, it may also introduce new attack surfaces if the system lacks sufficient verification protocols for sensitive account changes.
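
One way to close the verification gap described above is to enforce the check in the tool layer, so that nothing the chatbot concludes from the conversation can authorize an email change. The sketch below is an added example, not part of the original report and not Meta's code; the class, action names and timeout are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical action names and timeout: assumptions, not taken from the report.
SENSITIVE_ACTIONS = {"link_email", "reset_password"}
CHALLENGE_TTL = 600  # seconds a challenge stays valid


class AccountChangeGate:
    """Sits between the support chatbot and the account-change tools.
    The model's view of who owns the account is never an input here."""

    def __init__(self, verified_contacts):
        self.verified_contacts = verified_contacts  # account -> contact on file
        self.pending = {}   # (account, action) -> (code digest, expiry time)
        self.outbox = []    # stands in for real email/SMS delivery

    def start_challenge(self, account, action, now=None):
        now = time.time() if now is None else now
        if account not in self.verified_contacts:
            return False
        code = secrets.token_urlsafe(16)
        digest = hashlib.sha256(code.encode()).hexdigest()
        self.pending[(account, action)] = (digest, now + CHALLENGE_TTL)
        # Sent only to the contact already on file, never to an address
        # supplied during the chat session.
        self.outbox.append((self.verified_contacts[account], code))
        return True

    def authorize(self, account, action, proof=None, now=None):
        now = time.time() if now is None else now
        if action not in SENSITIVE_ACTIONS:
            return True
        if proof is None:
            return False  # an ownership claim made in chat is not proof
        # pop() makes each challenge single-use, so a wrong guess burns it.
        entry = self.pending.pop((account, action), None)
        if entry is None or now > entry[1]:
            return False
        digest = hashlib.sha256(proof.encode()).hexdigest()
        return hmac.compare_digest(digest, entry[0])
```

With this arrangement the chatbot can still request a sensitive change, but the request succeeds only when the caller presents a code that was delivered to the contact already on file.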

