Instagram’s AI-powered customer support tool was exploited by hackers in recent days to gain unauthorized access to user accounts, Meta confirmed Tuesday. The exploit allowed attackers to change the email address and password associated with other users’ accounts by manipulating the platform’s Meta AI chatbot.
Meta spokesperson Andy Stone said in a statement on X that “this issue has been resolved and we are securing impacted accounts.” Stone also rejected as “totally false” claims circulating online that the vulnerability had been used to hack into accounts of world leaders.
Tech news outlet 404media reported that posts about the vulnerability coincided “with a series of high-profile Instagram account takeovers” including a verified account used by Barack Obama when he was in the White House. The former president’s account reportedly posted pro-Iran content before it was recovered.
It remains unclear how many Instagram accounts were affected by the exploit.
Jane Manchun Wong, a former Meta security engineer, said in a post on X that her Instagram password was “changed without my knowledge” and that she had repeatedly seen different password reset attempts. “Quite concerning,” she added.
Videos shared on social media showed how the exploit worked. In one demonstration shared by cybersecurity researcher Dark Web Informer, a person entered the username of the account they wished to take over into Instagram’s account recovery flow. They used a virtual private network service to make their connection appear to come from the real account holder’s location, then asked Instagram’s Meta AI support assistant to link a new email address to the account. The chatbot complied, sending a verification code to the attacker’s email address and then a link to change the account password. At no point was the existing owner asked to approve the change.
One X user wrote that they had been unable to find “human support” after their Instagram account was hacked. “We’re at the point where one AI stole it and another can’t fix it, zero humans in the loop anywhere,” they said.
Marijus Briedis, chief technology officer at NordVPN, said that when AI chatbots have “too much authority and too little verification, they can become a serious security risk.” He described account recovery as one of the “most sensitive parts of any platform” and said it “should never rely on convenience alone, because the person asking for access may not be the rightful owner.”
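The failure Briedis describes, and the flow shown in the video, can be made concrete with a small model. The following is an added Python example, not Meta’s code and not taken from the demonstration; the account, the mail outbox, the country codes and every email address in it are constructed. It puts a recovery policy that trusts the requester’s apparent location and proves control only of the newly supplied address beside a hardened one that delivers the challenge solely to the contact already on file, then replays the attacker’s steps against both.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    email: str          # contact on file: the only channel that can prove ownership
    home_country: str   # region of the owner's recent logins (constructed sample data)


@dataclass
class Outbox:
    """Stand-in for the mail service; records every message so we can see where codes went."""
    sent: list = field(default_factory=list)

    def send(self, to: str, body: str) -> None:
        self.sent.append((to, body))

    def inbox(self, addr: str) -> list:
        return [body for to, body in self.sent if to == addr]


def _codes_in(outbox: Outbox, addr: str) -> list:
    """Extract verification codes from messages of the form 'code:<hex> ...' in one inbox."""
    return [m.split(":", 1)[1].split(" ")[0] for m in outbox.inbox(addr) if m.startswith("code:")]


class NaiveRecovery:
    """Constructed model of the flawed pattern in the demo: a matching location is treated
    as proof of ownership, the challenge goes to the NEW address, and so does the reset link.
    The existing owner is never consulted."""

    def __init__(self, outbox: Outbox) -> None:
        self.outbox = outbox
        self.pending: dict = {}   # username -> (new_email, code); one attempt per challenge

    def request_link_email(self, acct: Account, requester_country: str, new_email: str) -> bool:
        if requester_country != acct.home_country:   # trivially defeated with a VPN
            return False
        code = secrets.token_hex(3)
        self.pending[acct.username] = (new_email, code)
        self.outbox.send(new_email, f"code:{code}")  # challenge goes to the requester's address
        return True

    def confirm(self, acct: Account, supplied_code: str) -> bool:
        new_email, code = self.pending.pop(acct.username, ("", ""))
        if not new_email or not hmac.compare_digest(supplied_code, code):
            return False
        acct.email = new_email
        self.outbox.send(new_email, "reset-link:" + secrets.token_urlsafe(8))
        return True


class VerifiedRecovery(NaiveRecovery):
    """Hardened variant: the challenge is delivered only to the contact already on file.
    Requester location is recorded for the owner to see but never grants anything,
    so an attacker who cannot read the owner's existing inbox never sees the code."""

    def request_link_email(self, acct: Account, requester_country: str, new_email: str) -> bool:
        code = secrets.token_hex(3)
        self.pending[acct.username] = (new_email, code)
        self.outbox.send(acct.email, f"code:{code} (request from {requester_country} "
                                     f"to link {new_email}; ignore if this was not you)")
        return True


def attacker_takeover(recovery: NaiveRecovery, acct: Account, outbox: Outbox,
                      attacker_email: str = "attacker@example.net") -> bool:
    """Replays the demo: spoof the owner's region, ask to link the attacker's own address,
    then echo back whatever code landed in the attacker's inbox (or guess if none did)."""
    if not recovery.request_link_email(acct, acct.home_country, attacker_email):
        return False
    codes = _codes_in(outbox, attacker_email)
    guess = codes[-1] if codes else "not-the-code"   # wrong length, so it can never match
    return recovery.confirm(acct, guess)


def owner_relink(recovery: NaiveRecovery, acct: Account, outbox: Outbox, new_email: str) -> bool:
    """The rightful owner controls both the on-file and the new address, so they can
    complete either flow by reading the code from whichever inbox received it."""
    old_email = acct.email
    if not recovery.request_link_email(acct, acct.home_country, new_email):
        return False
    codes = _codes_in(outbox, old_email) + _codes_in(outbox, new_email)
    return bool(codes) and recovery.confirm(acct, codes[-1])


if __name__ == "__main__":
    for policy in (NaiveRecovery, VerifiedRecovery):
        outbox = Outbox()
        acct = Account("victim", "owner@example.org", "US")
        taken = attacker_takeover(policy(outbox), acct, outbox)
        print(f"{policy.__name__}: takeover={'YES' if taken else 'no'}, email on file={acct.email}")
```

Two design points carry the weight: the challenge is bound to the contact the platform already trusts rather than to whatever the requester supplies, and a pending challenge is consumed on the first confirmation attempt, so a wrong code cannot be retried against the same token. Whether the request arrives through a chatbot, a web form or a human agent changes nothing about this rule; the assistant should be able to open a recovery case but never to complete one.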
Meta has faced repeated scrutiny over inadequate support for users whose accounts are hacked or suspended in error. An independent body that hears disputes from social media users in the European Union said last week that Meta virtually never replies when it raises cases of people who say they have been wrongly banned from their accounts.
The incident comes amid broader concerns about the security implications of deploying increasingly capable AI systems to replace human customer service. Meta has also made large cuts to its workforce while spending billions of dollars on artificial intelligence initiatives, a shift that has drawn criticism as AI-powered support tools are pushed to handle tasks previously managed by human staff.