Hackers Exploit Meta AI Chatbot to Hijack Instagram Accounts
Hackers’ ability to turn Meta’s own AI support chatbot into a break‑in tool for Instagram accounts has intensified concerns over how quickly powerful AI is being wired into core security systems.
How the exploit emerged
Over the weekend, security researchers and victims began reporting that hackers could seize Instagram profiles simply by talking to Meta’s new AI-powered support assistant, rolled out in March to help with routine tasks like password resets and two-factor setup. According to multiple reports, attackers did not need access to a victim’s email, phishing links, or malware.
A video shared on Telegram and later described by tech outlets showed a hacker using a VPN to spoof the target’s location, opening a chat with the Meta AI Support Assistant, and asking it to add a new email address to someone else’s account. The chatbot then sent a verification code to the hacker’s email and, once the code was relayed back, displayed a “Reset Password” button, allowing the attacker to lock out the original owner.
Impact on high-profile and “valuable” accounts
Reports from Ars Technica, The Verge, and The Next Web describe how the flaw was used to take over “notable Instagram accounts” and steal “pricey Instagram handles” that were then resold on underground markets. High‑value usernames, such as single letters or common words like “h” or “eggs,” were among the targets.
Several prominent profiles were compromised. The Obama-era @obamawhitehouse account, dormant since 2017, began posting images with Iranian propaganda after being hijacked. Accounts linked to the US Space Force Chief Master Sergeant and retailer Sephora were also reportedly taken over.
Security researcher Jane Manchun Wong said her own Instagram was seized, noting “the password got changed without my knowledge” amid repeated reset attempts, which she called “quite concerning.”
Meta and experts respond
Meta says the vulnerability in its AI support chatbot, which had allowed hackers to “link a new email address” and reset passwords, has now been patched. An Instagram spokesperson said on Monday that “the issue was fixed,” though the company has not disclosed how many users were affected or provided detailed technical explanations.
Security researchers argue the incident underscores “a fundamental flaw”: the AI system assumed the person chatting was the legitimate account owner, granting account‑level permissions without robust identity checks. The episode is being cited as part of a broader pattern of “recent high-profile AI deployment failures,” raising questions about whether cost-cutting and over‑reliance on automated tools are eroding basic safeguards around major social platforms.
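The gap the researchers describe can be shown in a few lines. This is an added illustration, not Meta's code: every class, function and address below is hypothetical, and the sample data is constructed. It contrasts a handler that accepts a code sent to the new address as proof with one that requires an owner-authenticated session plus confirmation through a contact already on file.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class Account:
    handle: str
    contacts: Set[str] = field(default_factory=set)  # addresses the owner already verified

@dataclass
class ChatSession:
    authenticated_as: Optional[str]    # handle proven by login; None for an anonymous chat
    code_confirmed_via: Optional[str]  # address where a one-time code was sent and confirmed

def add_email_weak(session, account, new_email):
    """Flow as reported: the code goes to the NEW address, so it only proves
    the requester controls that address, not the account."""
    if session.code_confirmed_via == new_email:
        account.contacts.add(new_email)
        return "added; reset offered"
    return "denied"

def add_email_checked(session, account, new_email):
    """Same request with the two identity checks the weak flow lacks."""
    if session.authenticated_as != account.handle:
        return "denied: session is not the account owner"
    if session.code_confirmed_via not in account.contacts:
        return "denied: confirm via a contact already on file"
    account.contacts.add(new_email)
    return "added"

def demo():
    # Constructed sample data; hypothetical handle and addresses.
    stranger = ChatSession(None, "stranger@example.net")
    owner = ChatSession("example_handle", "owner@example.org")
    results = {}
    victim = Account("example_handle", {"owner@example.org"})
    results["weak_stranger"] = add_email_weak(stranger, victim, "stranger@example.net")
    victim = Account("example_handle", {"owner@example.org"})  # fresh copy
    results["checked_stranger"] = add_email_checked(stranger, victim, "stranger@example.net")
    results["stranger_added"] = "stranger@example.net" in victim.contacts
    results["checked_owner"] = add_email_checked(owner, victim, "new@example.org")
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The checked handler treats the chat as unauthenticated by default, so the assistant cannot grant account-level changes on the strength of the conversation alone.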