
Hackers Used Meta’s AI Support Bot to Hijack Instagram Accounts – Krebs on Security

The Instagram accounts of the Obama White House and the Chief Master Sergeant of the US Space Force were briefly defaced with pro-Iran photos and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s AI-backed support bot into resetting account passwords.

A screenshot from a video released on Telegram that shows how Meta’s customer support AI can be tricked into resetting a target’s password.

On May 31st, word began to spread on several Telegram instant messaging channels that Meta’s AI bot would happily add an email address to an existing account as part of the bot’s standard password reset flow.

A video released on Telegram by pro-Iran hackers claims to document a surprisingly simple exploit that appears to involve using a VPN connection that exits in or near the target’s home city, requesting an account password reset, and then choosing to chat with Meta’s AI support assistant. From there, the video shows the attacker telling the bot to link the account in question to a new email address, after which the bot sent that address a one-time code that allows for a password reset.

The Telegram account that posted the video also shared screenshots of the pro-Iran photos, videos and messages used to deface the hacked Instagram accounts, claiming that hackers used this exploit to hijack a number of valuable (read: short) Instagram account names that allegedly have over a million dollars in sales.

Meta did not respond to requests for comment about the video, but Meta’s Andy Stone said on Twitter/X that the issue had been resolved and that the company was protecting affected accounts. Security blog cybersecguru.com reports that Meta pushed an emergency fix over the weekend, and clarified that no backend database was breached.

“Instagram has a poor infrastructure to support people,” writes Cybersecguru. “Finding a locked account – especially a high-value one – can take weeks of back-and-forth with an automated ticketing system. Meta’s solution was to deploy an AI chat layer to handle the typical recovery workflow: reconnecting a lost email address, triggering a password reset, verifying account ownership. The assistant, obviously, had to be involved in legally limiting the account.”

Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, said we’re entering uncharted security territory as major online platforms begin to allow AI chatbots to handle sensitive account recovery requests. Just as human customer support staff can be socially engineered into providing unauthorized access to someone’s account, AI bots are equally willing to help and vulnerable to fraud and trickery, he said.

“AI chatbots create an exciting new attack surface, and we’re likely to see more of these types of attacks,” Goldin said.

Securing your various online accounts means taking full advantage of the most secure multi-factor authentication (MFA) method on offer (such as a passkey or hardware authentication key). In this case, even the weaker form of MFA offered by Instagram – a one-time code sent via SMS – might have prevented the exploit: the hackers who leaked the video to Telegram said their exploit failed to work against any MFA-enabled accounts.
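The design flaw the article describes (a support bot that links a caller-supplied e-mail address and then sends the reset code to it, while MFA-enabled accounts resisted the trick) is modelled below as a constructed Python example added for this page. It is not Meta’s code, and every account, address and class name in it is invented. The weak policy sits beside a hardened gate that puts the same tools behind three rules: MFA-protected accounts are never reset through chat, a new contact channel is linked only after an already-verified channel answers a challenge, and the caller’s geolocation is logged but never counts as proof of ownership.

```python
# Constructed model of an AI-driven account-recovery flow, weak policy beside a
# hardened one. Illustration added for this page; not Meta's code. All names,
# accounts and e-mail addresses are invented.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Account:
    username: str
    verified_emails: Set[str] = field(default_factory=set)
    mfa_enabled: bool = False


@dataclass
class RecoveryRequest:
    username: str
    new_email: str        # address the caller asks the bot to link
    requester_city: str   # geolocation of the caller's IP (a VPN exit can choose this)


class WeakRecoveryBot:
    """Flawed policy: the request itself is treated as proof of ownership.

    The bot links the new address and sends the reset code there, so whoever
    controls new_email now controls the account."""

    def __init__(self, accounts: Dict[str, Account]):
        self.accounts = accounts
        self.outbox: List[Tuple[str, str]] = []   # (recipient, code) messages "sent"

    def handle(self, req: RecoveryRequest) -> dict:
        acct = self.accounts[req.username]
        acct.verified_emails.add(req.new_email)   # linked without any verification
        code = secrets.token_hex(4)
        self.outbox.append((req.new_email, code))
        return {"status": "reset_code_sent", "to": req.new_email}


class HardenedRecoveryBot:
    """Policy gate in front of the same tools (see rules in the module comment)."""

    def __init__(self, accounts: Dict[str, Account]):
        self.accounts = accounts
        self.outbox: List[Tuple[str, str]] = []
        self.pending: Dict[str, Tuple[str, str]] = {}   # username -> (code, new_email)
        self.audit: List[str] = []

    def handle(self, req: RecoveryRequest) -> dict:
        acct = self.accounts[req.username]
        # Geolocation is recorded for investigators but is not an ownership signal.
        self.audit.append(f"{req.username}: link {req.new_email} requested from {req.requester_city}")
        if acct.mfa_enabled:
            return {"status": "denied", "reason": "mfa_required"}
        if not acct.verified_emails:
            return {"status": "denied", "reason": "manual_review"}
        existing = sorted(acct.verified_emails)[0]   # a channel the real owner already holds
        code = secrets.token_hex(4)
        self.pending[req.username] = (code, req.new_email)
        self.outbox.append((existing, code))         # challenge goes to the OLD address
        return {"status": "challenge_sent", "to": existing}

    def confirm(self, username: str, code: str) -> dict:
        expected, new_email = self.pending.get(username, ("", ""))
        if not expected or not hmac.compare_digest(expected, code):
            self.audit.append(f"{username}: bad or missing challenge code")
            return {"status": "denied", "reason": "challenge_failed"}
        del self.pending[username]
        self.accounts[username].verified_emails.add(new_email)
        self.audit.append(f"{username}: linked {new_email} after challenge")
        return {"status": "email_linked", "to": new_email}


def run_scenario() -> dict:
    """Replay the same unverified request against both policies; returns outcomes."""
    hostile = RecoveryRequest("victim", "attacker@example.invalid", "target-home-city")

    weak = WeakRecoveryBot({"victim": Account("victim", {"owner@example.invalid"})})
    weak_result = weak.handle(hostile)

    hard = HardenedRecoveryBot({
        "victim": Account("victim", {"owner@example.invalid"}),
        "mfa_user": Account("mfa_user", {"owner2@example.invalid"}, mfa_enabled=True),
    })
    hard_result = hard.handle(hostile)
    guess = hard.confirm("victim", "ZZZZZZZZ")          # caller cannot read the owner's mailbox
    owner_req = RecoveryRequest("victim", "owner-new@example.invalid", "anywhere")
    hard.handle(owner_req)                               # genuine owner asks to add an address
    legit = hard.confirm("victim", hard.outbox[-1][1])   # and answers the challenge
    mfa_result = hard.handle(RecoveryRequest("mfa_user", "x@example.invalid", "anywhere"))

    return {
        "weak": weak_result["status"], "weak_code_sent_to": weak.outbox[0][0],
        "hard": hard_result["status"], "hard_challenge_to": hard_result["to"],
        "guess": guess["status"], "legit": legit["status"], "mfa": mfa_result["reason"],
        "victim_emails": sorted(hard.accounts["victim"].verified_emails),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Running the scenario shows the difference in one line each: the weak bot delivers the reset code to the attacker-controlled address, while the hardened gate sends its challenge only to the address already on file, refuses a guessed code, links a new address only once the existing channel has answered, and declines to touch the MFA-protected account at all. A production gate would add rate limiting and lockout on repeated failed confirmations, which this model omits.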
