Hackers hijacked Instagram accounts via Meta AI support chatbot

Original: Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access

Why This Matters

Highlights critical AI chatbot security flaws in major platform support systems

Security researchers report that hackers compromised multiple Instagram accounts by tricking Meta's AI support chatbot into granting unauthorized access. Attackers used VPNs to spoof locations and manipulated the bot into adding new email addresses and resetting passwords without accessing the original accounts.

Multiple Instagram accounts were hijacked over the weekend through a vulnerability in Meta's AI support chatbot. The attack method involved hackers using VPNs to spoof victims' locations, then chatting with Meta AI Support Assistant to add new email addresses to target accounts. The chatbot sent verification codes to hacker-controlled emails, allowing password resets without accessing victims' original email accounts. Compromised accounts included the Obama-era White House handle and U.S. Space Force Chief Master Sergeant John Bentivegna's account. Security researcher Jane Wong also reported her account was taken over. A video demonstrating the attack process circulated on X, showing the step-by-step exploitation. Instagram spokesperson Andy Stone confirmed the issue was fixed on Monday, though the total number of affected accounts remains unclear.
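The flow described above, modelled as an added Python example (not code from Meta or from the article): a support tool that sends the verification code to the newly supplied address lets the requester prove only control of their own mailbox, while the hardened variant sends it to a contact already verified on the account. All class and function names are hypothetical, and the handle and addresses are constructed.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    handle: str
    verified_emails: set                          # contacts the owner already proved control of
    pending: dict = field(default_factory=dict)   # new_email -> one-time code
    outbox: list = field(default_factory=list)    # (recipient, code) pairs "sent"

def add_email_weak(acct, new_email, geo_matches_owner):
    """Flawed flow: a location match is accepted and the code goes to the NEW address."""
    if not geo_matches_owner:          # location is a spoofable signal, not authentication
        return "denied"
    code = secrets.token_hex(3)
    acct.pending[new_email] = code
    acct.outbox.append((new_email, code))   # the requester receives their own proof
    return "code_sent"

def add_email_hardened(acct, new_email, geo_matches_owner):
    """Code goes only to contacts already verified; location is deliberately ignored."""
    if not acct.verified_emails:
        return "escalate_to_human"
    code = secrets.token_hex(3)
    acct.pending[new_email] = code
    for addr in sorted(acct.verified_emails):
        acct.outbox.append((addr, code))
    return "code_sent_to_existing_contact"

def confirm(acct, new_email, code):
    """Attach the address only if the submitted code matches the pending one."""
    expected = acct.pending.pop(new_email, None)
    if expected is None or not secrets.compare_digest(expected, code):
        return False
    acct.verified_emails.add(new_email)
    return True

def requester_can_complete(flow, requester_email):
    """Simulate a requester who can read only their own mailbox (constructed data)."""
    acct = Account("constructed_handle", {"owner@example.com"})
    flow(acct, requester_email, geo_matches_owner=True)
    seen = [c for rcpt, c in acct.outbox if rcpt == requester_email]
    return bool(seen) and confirm(acct, requester_email, seen[0])
```
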

Source

techcrunch.com