AI-generated
© Publico
AI & Tech · 2h ago

Hackers trick Meta AI chatbot into handing over Instagram accounts, including Obama White House profile

Attackers exploited Meta's own AI support assistant to reset passwords and seize Instagram accounts without accessing victims' email, prompting an emergency fix from the company.

A vulnerability in Meta's AI-powered customer support chatbot allowed hackers to take over Instagram accounts by simply asking the assistant to add a new email address and reset the password. The exploit, which required no malware or phishing, was demonstrated in videos circulating on X and Telegram and confirmed by multiple security researchers.

How the attack worked

The method relied entirely on social engineering directed at Meta's AI Support Assistant, the conversational agent designed to help users recover and manage their accounts. An attacker would first use a VPN to mask their location and avoid triggering Meta's automated defenses. They would then open a chat with the support bot and request that a new email address be linked to the target account.

Instead of verifying the requester's identity through the original email on file, the chatbot sent a verification code directly to the address provided by the attacker. Once the hacker relayed that code back in the conversation, the AI displayed a password reset button, effectively handing over control of the account. TechCrunch reported verifying elements of the procedure, confirming that the verification code was indeed delivered to the attacker's email.

Accounts compromised

Among the affected profiles were the official White House account from the Obama administration, inactive since 2017 and archived under the National Archives and Records Administration, as well as the account of Chief Master Sergeant John Bentivegna of the US Space Force. The Sephora brand account was also compromised, according to The Guardian. Dozens of regular users reported similar incidents on Reddit and X.

Security researcher Jane Wong said her own Instagram account was taken over. "My password was changed without my knowledge and I received several reset attempts throughout the day yesterday. It's quite worrying," she wrote on X.

Meta's response

Instagram spokesperson Andy Stone confirmed the security issue had been patched. "A fix has been applied," Stone said in a reply to Wong's original post. The company stated it is working to secure accounts that may have been affected but did not disclose how many were compromised before the vulnerability was closed.

Meta had rolled out the AI support assistant globally earlier this year for Facebook and Instagram, describing it as a tool to automate operations such as fraud reporting, impersonation flagging, and password resets. The incident raises fresh questions about deploying large language models in sensitive security processes where human agents would normally challenge unusual data-change requests.

Timeline of the Meta AI Instagram exploit
  1. Users begin reporting compromised Instagram accounts on Reddit and X; videos of the exploit method circulate on Telegram.
  2. Security researcher Jane Wong reports her account taken over via the chatbot flaw; TechCrunch verifies elements of the attack procedure.
  3. Meta spokesperson Andy Stone confirms a fix has been applied; company states it is working to secure affected accounts.
Menlo Park
