Meta patches Instagram AI chatbot vulnerability after high-profile account hijackings
The US White House, US Space Force, and Sephora accounts were among those compromised before the tech giant resolved the issue on Monday.

Meta has confirmed it has resolved a critical security vulnerability in its AI-powered Instagram support chatbot that enabled hackers to hijack user accounts. The exploit allowed malicious actors to bypass standard authentication protocols, including two-factor authentication, by social engineering the bot into linking a new email address and resetting passwords.
The issue came to light over the weekend when high-profile accounts were compromised, including the official White House Instagram page (@obamawhitehouse), which posted images containing Iranian propaganda. Other affected accounts included the US Space Force Chief Master Sergeant’s profile and the account of beauty retailer Sephora, according to reports from 404 Media.
In a video shared on Telegram, a hacker demonstrated the attack vector by instructing the Meta AI support chatbot to link a new email address. The assistant subsequently sent a verification code to the hacker-provided address, which the attacker entered to authenticate the change. This process triggered a password reset function, allowing the hacker to set a new credential and lock out the original owner without requiring access to the victim’s device.
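As an added illustration, not Meta's code and not from the 404 Media reporting, here is a constructed Python model of the recovery step that failed: accepting a new recovery email on the strength of a code sent to that same new address, beside the check a recovery flow needs (proof from a channel the account already trusts, plus the second factor). All account names and addresses are made up.

```python
from dataclasses import dataclass, field

# Constructed model of the recovery flow described in the article; not Meta's code.

@dataclass
class Account:
    handle: str
    verified_channels: set = field(default_factory=set)  # emails/phones the owner already proved
    mfa_enabled: bool = True

@dataclass
class LinkRequest:
    new_email: str
    proved_channel: str   # address/phone the requester proved control of (received a code)
    mfa_passed: bool = False

def link_email_flawed(account: Account, req: LinkRequest) -> bool:
    # Flawed pattern: the only check is that the requester controls the address being
    # added, which anyone satisfies with their own mailbox.
    if req.proved_channel == req.new_email:
        account.verified_channels.add(req.new_email)
        return True
    return False

def link_email_hardened(account: Account, req: LinkRequest) -> bool:
    # Hardened: proof must come from a channel the account already trusts, and the
    # second factor must be satisfied, before any new recovery channel is added.
    if req.proved_channel not in account.verified_channels:
        return False
    if account.mfa_enabled and not req.mfa_passed:
        return False
    account.verified_channels.add(req.new_email)
    return True

def can_reset_password(account: Account, to_channel: str) -> bool:
    # A reset code may only go to a channel the account currently trusts.
    return to_channel in account.verified_channels

def attacker_takeover(link_fn) -> bool:
    # Replays the demonstrated sequence: the requester proves control only of a
    # brand-new address, then asks for a reset to it. True means the lockout succeeds.
    victim = Account("victim", {"owner@example.com"})
    req = LinkRequest("new@example.net", proved_channel="new@example.net")
    if not link_fn(victim, req):
        return False
    return can_reset_password(victim, "new@example.net")
```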
Some attackers utilised virtual private networks (VPNs) to spoof their location, making it appear as though they were in the same geographic area as their target to contact Meta support. The attacks reportedly targeted high-value usernames, such as single-letter or single-word handles. Security researcher Jane Manchun Wong confirmed her account was taken over, noting she received unauthorised password reset attempts and was repeatedly logged out of the iOS app.
Meta’s communications head, Andy Stone, confirmed the vulnerability was resolved on Monday, stating that the company is currently securing impacted accounts. The AI support assistant, rolled out in March to help users with tasks such as password resets and two-factor authentication setup, was the central point of failure in this incident.
Industry observers have suggested the vulnerability may have been exacerbated by recent operational changes within Instagram. Gergely Orosz, creator of The Pragmatic Engineer newsletter, noted that Instagram’s trust and safety team underwent significant layoffs and reassignments in recent weeks, with some staff moved to AI labeling tasks. Orosz suggested that engineers may have over-relied on AI tools while lacking incentives for security-focused tasks, though Meta has not officially admitted to a causal link between the restructuring and this specific exploit.