Hackers successfully used Meta's AI support chatbot to reset the email addresses associated with high-profile Instagram accounts over the weekend, according to multiple reports. The attacks leveraged instructions circulating on Telegram that detailed how to trick the AI assistant into linking an account to a new email, bypassing standard authentication checks. Meta has since fixed the vulnerability but did not disclose how long the flaw had existed.

The breach affected at least two prominent targets: the Instagram account for the Obama White House and that of the Chief Master Sergeant of the U.S. Space Force. Both were briefly defaced with pro-Iranian imagery and messages. Researchers describe the exploit as a classic "confused deputy" weakness, where the AI chatbot, designed to assist with password resets, could be manipulated into authorizing account changes without proper verification.

Technically, the attack did not require sophisticated tools. Hackers simply asked the chatbot to change the account's linked email, which then allowed them to initiate a password reset. No authentication token or secondary approval was needed once the AI processed the request. The incident highlights the risk of relying on automated support systems for sensitive operations without robust guardrails.
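The confused-deputy pattern described above, shown as an added illustration rather than Meta's code or its undisclosed fix: an email-change tool that acts on the assistant's own privileges, next to one that takes authority only from the server-side session. All names here (`Session`, `dispatch`, the handlers, the sample account) are hypothetical, and the owner and step-up checks are assumed as a general mitigation.

```python
from dataclasses import dataclass, field
from typing import Optional

class Denied(Exception):
    """Raised when a tool call lacks the requester's own authority."""

@dataclass
class Session:
    # Set by the server from real authentication, never from chat text.
    authenticated_account: Optional[str] = None
    step_up_verified: bool = False  # recent re-authentication, e.g. a 2FA prompt

@dataclass
class Account:
    email: str
    audit: list = field(default_factory=list)

def change_email_vulnerable(accounts, session, target, new_email):
    # Confused deputy: acts with the assistant's privileges and
    # never asks whether the requester controls `target`.
    accounts[target].email = new_email
    return "changed"

def change_email_hardened(accounts, session, target, new_email):
    acct = accounts[target]
    if session.authenticated_account != target:
        acct.audit.append(("denied", "not_owner"))
        raise Denied("requester is not authenticated as this account")
    if not session.step_up_verified:
        acct.audit.append(("denied", "no_step_up"))
        raise Denied("step-up verification required")
    acct.audit.append(("changed", acct.email, new_email))
    acct.email = new_email
    return "changed"

def dispatch(handler, accounts, session, tool_call):
    # `tool_call` is what the model produced from the conversation;
    # `session` is supplied by the server and is the only source of authority.
    try:
        return handler(accounts, session, tool_call["target"], tool_call["new_email"])
    except Denied as exc:
        return f"denied: {exc}"

def sample_accounts():
    # Constructed sample data for the example.
    return {"alice": Account("alice@example.com")}
```

The audit entries written on denial give the account owner and the operations team the "unexpected email change" signal that the article advises users to watch for.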

Meta has acknowledged the issue and deployed a fix, though the company has not shared technical details of the patch or whether affected accounts were restored through rollback measures. Users are advised to enable two-factor authentication and monitor for unexpected email changes. No evidence suggests that the exploit was used beyond the reported high-profile targets.

Attribution for the attacks remains unclear, though the use of Telegram for coordination suggests a decentralized group rather than a state actor. The incident underscores broader concerns about AI as a vector for account takeover, with the template now publicly available for others to attempt.