Security · 2 min read · Updated Jun 1, 2026 · Fact-check: reviewed

Meta AI Support Bot Tricked into Resetting Instagram Passwords

Attackers bypassed security protocols by manipulating a conversational AI layer designed to handle automated account recovery.

By Editorial Desk · Updated June 1, 2026
Source context

Primary source: Krebs on Security. Full source links and update notes are below.

Fast summary

  • Hackers tricked Meta's AI assistant into linking new email addresses to existing Instagram accounts.
  • High-profile targets included the Obama White House and a U.S. Space Force official.
  • The exploit bypassed standard recovery checks but was ineffective against accounts with multi-factor authentication enabled.

What happened

Pro-Iranian hackers successfully defaced high-profile Instagram accounts, including those belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force. The breach occurred after instructions began circulating on Telegram detailing how to manipulate Meta’s “AI support assistant” bot into resetting account passwords without proper authorization.

What's new in this update

Meta has reportedly deployed an emergency patch to address the vulnerability within its AI customer support bot. Security experts clarify that the incident was not the result of a backend database breach, but rather a failure in the conversational AI’s logic for handling account recovery workflows.

Key details

The exploit involved using a VPN to mimic the target’s location before engaging the AI assistant in a support chat. Attackers persuaded the bot to link a new email address to the account, after which the bot sent a one-time password reset code to that new address. Pro-Iran hackers claimed they also used this method to hijack valuable 'short' Instagram usernames for resale on the black market.
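The sequence described above (a chat that gets a new email linked, then a reset code sent to that address) fails when authorization for those actions is enforced outside the conversational layer. The following is an added sketch, not Meta's code: the action names, proof labels, account model and addresses are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical labels: proofs of control vs. signals that must never authorize.
STRONG_PROOFS = {"code_to_existing_contact", "mfa_challenge"}
WEAK_SIGNALS = {"geo_match", "knows_username", "chat_persuasion"}

@dataclass
class Account:
    handle: str
    verified_contacts: set  # addresses verified before this support session
    mfa_enabled: bool = False

@dataclass
class Session:
    account: Account
    proofs: set = field(default_factory=set)            # evidence gathered so far
    pending_contacts: set = field(default_factory=set)  # linked, not yet trusted

def authorize(session, action, target):
    """Decide a tool call requested by the assistant; the model cannot override it."""
    acct = session.account
    strong = session.proofs & STRONG_PROOFS  # weak signals are ignored entirely
    if action == "link_email":
        if acct.mfa_enabled and "mfa_challenge" not in strong:
            return False, "mfa challenge required"
        if not strong:
            return False, "no proof of control over the account"
        session.pending_contacts.add(target)  # trusted only after a cooling-off step
        return True, "linked as pending"
    if action == "send_reset_code":
        if target not in acct.verified_contacts:
            return False, "destination was not on file before this session"
        return True, "sent to existing contact"
    return False, "unknown action"

def replay_reported_sequence():
    """Replay the reported chat flow against the gate (constructed sample data)."""
    acct = Account("example_handle", {"owner@example.com"})
    s = Session(acct, proofs={"geo_match", "chat_persuasion"})
    return [
        authorize(s, "link_email", "new@example.net"),
        authorize(s, "send_reset_code", "new@example.net"),
        authorize(s, "send_reset_code", "owner@example.com"),
    ]

if __name__ == "__main__":
    for allowed, reason in replay_reported_sequence():
        print(allowed, reason)
```

Even after a legitimate proof of control, a newly linked address stays pending, so a reset code cannot reach it within the same session.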

Background and context

Meta implemented the conversational AI layer to alleviate pressure on Instagram’s notoriously slow human support infrastructure. The assistant was designed to reduce friction for users attempting to relink lost emails or trigger password resets; however, threat researchers note that AI bots are as vulnerable to persuasion and trickery as human customer service agents.

What to watch next

Security researchers suggest this is the beginning of a broader trend where large online platforms face new risks by allowing AI chatbots to handle sensitive account functions. Future safeguards may include mandatory hardware-based multi-factor authentication for high-value accounts or more restrictive AI guardrails for identity verification.

Why it matters

This incident highlights a burgeoning attack surface where AI-driven support tools can be social engineered to bypass traditional identity verification and security controls.
