Meta's AI support assistant has become an unexpected vector for account compromise, with hackers discovering a critical security flaw that allows them to hijack Instagram accounts through the company's own chatbot. According to reports from 404 Media, threat actors have demonstrated a sophisticated social engineering attack that leverages Meta's customer support AI to facilitate unauthorized account takeovers, exposing millions of users to potential identity theft and fraud.
The vulnerability exploits Meta's AI chatbot's helpful nature by having it execute account recovery procedures intended for legitimate users. In documented evidence shared on Telegram, hackers demonstrated the attack process: they request the AI chatbot to change the email address associated with a target Instagram account, then initiate a password reset using the newly configured email. This two-step process effectively locks the original account owner out while giving attackers complete control. The AI chatbot, designed to assist users with account management issues, cannot adequately verify whether the requester is actually the legitimate account holder, creating a significant security gap in Meta's support infrastructure.
- AI chatbots designed for customer support require stronger identity verification protocols to prevent social engineering attacks
- Companies must implement additional authentication layers beyond automated support systems for sensitive account changes
- The incident highlights inherent risks in delegating account security decisions to AI without human oversight
- Independent verification mechanisms outside the chat session (such as confirming identity through linked phone numbers or security questions) are essential safeguards
- This vulnerability affects millions of Instagram users and represents a broader challenge for social media platforms relying on AI support
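As an added illustration (not code from the original report or from Meta's systems), the Python below places the weak support-bot flow beside a hardened one that refuses to change a contact address unless control of the existing address has been proven in the session, and adds a detection that flags the email-change-then-password-reset sequence over constructed audit events. The account and event shapes are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed, simplified shapes; not Meta's real account model or audit log format.
@dataclass
class Account:
    user_id: str
    email: str
    verified_contacts: set = field(default_factory=set)  # contacts proven in this session (e.g. OTP)

@dataclass
class Event:
    ts: datetime
    user_id: str
    action: str   # "change_email" or "password_reset"
    actor: str    # "support_bot", "owner_session" or "reset_flow"
    email: str    # new address for change_email; address the reset link went to for password_reset

def bot_change_email_unchecked(acct: Account, new_email: str) -> str:
    """The weak flow: the assistant applies the change simply because it was asked to."""
    acct.email = new_email
    return "applied"

def bot_change_email_hardened(acct: Account, new_email: str) -> str:
    """Hardened flow: require proof of control of the EXISTING contact before the assistant
    may replace it; otherwise refuse to act and hand the request to human review."""
    if acct.email in acct.verified_contacts:
        acct.email = new_email
        return "applied"
    return "escalated"  # nothing changed; original contact is notified of the attempt

def takeover_pattern(events: list, window: timedelta = timedelta(minutes=30)) -> set:
    """Detection: a support-bot email change followed within `window` by a password reset
    delivered to that same new address. Returns the affected user_ids."""
    flagged = set()
    for c in (e for e in events if e.action == "change_email" and e.actor == "support_bot"):
        for r in events:
            if (r.user_id == c.user_id and r.action == "password_reset"
                    and r.email == c.email and timedelta(0) <= r.ts - c.ts <= window):
                flagged.add(c.user_id)
    return flagged

T0 = datetime(2025, 1, 1, 12, 0)
SAMPLE_EVENTS = [  # constructed audit events, not real log data
    Event(T0, "u1", "change_email", "support_bot", "attacker@example.net"),
    Event(T0 + timedelta(minutes=4), "u1", "password_reset", "reset_flow", "attacker@example.net"),
    Event(T0, "u2", "change_email", "owner_session", "me-new@example.org"),
    Event(T0 + timedelta(minutes=2), "u2", "password_reset", "reset_flow", "me-new@example.org"),
]

if __name__ == "__main__":
    print(takeover_pattern(SAMPLE_EVENTS))  # {'u1'}
```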
This vulnerability represents a critical intersection between artificial intelligence advancement and cybersecurity. While Meta's AI chatbot was designed to improve user experience by providing instant support, the attack demonstrates that convenience can compromise security when proper safeguards aren't implemented. The incident underscores the importance of companies thoroughly testing AI systems for security vulnerabilities before deployment, particularly when these systems have access to sensitive account management functions. For Instagram users, this serves as a reminder to enable two-factor authentication and monitor account activity regularly.
Read the full article on The Verge