INSTAGRAM — Hackers exploited Meta’s AI support bot on Instagram over the weekend of May 31 to hijack high-profile accounts, including those of the Obama White House, the Chief Master Sergeant of the U.S. Space Force, and Sephora, by tricking the bot into linking attacker-controlled email addresses for password resets. The compromised accounts were briefly defaced with pro-Iranian images and messages.
Instructions for the exploit began circulating on Telegram channels, detailing how to manipulate Meta’s AI assistant during the password reset process. A video posted by pro-Iran hackers demonstrated using a VPN with an IP address near the target’s usual location, submitting a password reset request, and then instructing the AI bot to link a new email address to the account. Once linked, the bot sent a one-time code to that email, enabling the attacker to reset the password and take control.
The hackers claimed the method allowed them to seize valuable short Instagram usernames, which they said could be resold for more than a half million dollars. The attack did not work against accounts with multi-factor authentication (MFA) enabled. Even using SMS-based codes, the least robust form of MFA Instagram offers, likely would have blocked unauthorized access.
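The following is an added illustration, not Meta's code or anything from the reporting above: a toy model of the recovery flow as described, contrasting the weak policy (a support assistant can link a new address that is immediately trusted for reset codes) with a hardened one (a newly added address stays pending until the owner confirms it through an existing contact or an assumed cooling-off period elapses, and an enabled MFA factor is required before any emailed code is sufficient). All addresses, dates and the cooldown length are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed cooling-off period before a freshly added contact may receive reset codes.
COOLDOWN = timedelta(days=7)

@dataclass
class Account:
    verified_emails: set
    pending_emails: dict = field(default_factory=dict)  # email -> time it was added
    mfa_enabled: bool = False

def assistant_link_email_weak(acct, email):
    """Weak policy: the support assistant adds the address and it is trusted at once."""
    acct.verified_emails.add(email)

def assistant_link_email_hardened(acct, email, now):
    """Hardened policy: the assistant can only stage the address as pending."""
    acct.pending_emails[email] = now

def owner_confirms_pending(acct, email):
    """Owner approves the new address from an already verified contact."""
    if email in acct.pending_emails:
        del acct.pending_emails[email]
        acct.verified_emails.add(email)

def reset_decision(acct, email, now):
    """Decide what happens when a password-reset code is requested for `email`."""
    trusted = email in acct.verified_emails
    added = acct.pending_emails.get(email)
    if not trusted and added is not None and now - added >= COOLDOWN:
        trusted = True  # cooldown passed with no objection from the owner
    if not trusted:
        return "deny"
    # With MFA on, an emailed code alone never completes the reset.
    return "require_mfa" if acct.mfa_enabled else "send_code"

def simulate(link_policy, mfa):
    """Replay the reported sequence: link an attacker address, then request a reset."""
    now = datetime(2025, 5, 31)  # constructed timestamp
    acct = Account(verified_emails={"owner@example.com"}, mfa_enabled=mfa)  # constructed
    attacker = "attacker@example.net"  # constructed
    if link_policy == "weak":
        assistant_link_email_weak(acct, attacker)
    else:
        assistant_link_email_hardened(acct, attacker, now)
    return reset_decision(acct, attacker, now)
```

Under the weak policy without MFA the simulation ends in "send_code", which is the outcome the article describes; the hardened policy returns "deny" for the same request.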
Meta reportedly acknowledged that the dormant Instagram account for the Obama White House was briefly compromised. According to the security blog thecybersecguru.com, Meta issued an emergency patch over the weekend and confirmed no back-end databases were breached.
Meta had deployed the AI support layer to handle common recovery tasks like relinking email addresses and verifying ownership. In March, the company announced it was expanding AI support across Facebook and Instagram, promoting it as offering “Solutions, not just suggestions” for account security and recovery.
“AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks,” said Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs. He added that AI chatbots are “equally eager to help and vulnerable to persuasion and trickery, just like human customer support employees who can be social engineered into providing unauthorized access.”