What Happened: An AI-Powered Shortcut to Instagram Account Hijacking
The flaw sat in Instagram’s password reset process. Meta’s AI support chatbot could be talked into sending reset codes to, or attaching new email addresses for, whoever was in the chat, without reliably confirming that this person was the account’s real owner, which let attackers hijack Instagram profiles through routine support conversations. Reports surfaced over a weekend when apparent pro-Iranian hackers hijacked high-profile Instagram accounts, including the Obama-era White House handle, Sephora, and the Chief Master Sergeant for the US Space Force. Videos posted on Telegram and X showed that the Meta AI Support Assistant was central to the attack chain, in effect resetting passwords on the attackers’ behalf. Meta later confirmed the issue, said it had been fixed and that affected accounts were being secured, but many users reported being locked out before the patch landed.

How the Password Reset Vulnerability Worked Step by Step
The hijacking method relied on the AI bot’s loose handling of password reset and email change requests. Attackers first connected to Instagram through a VPN with an IP address in the victim’s region to pass location checks. From the login screen, they clicked “Forgot password”, entered the target username, and chose “Get Support” to open Meta’s AI support chatbot. Rather than use the standard options, which send a reset code to the email or phone already on the account, they typed prompts asking the bot to send the reset code to an address they controlled, or to add such an address to the account. The bot sometimes took several attempts, but it eventually sent an 8-digit code to the attacker’s inbox, which the attacker then read back to the assistant. Note what this proved: only that the attacker controlled the inbox they had just named, not that they owned the account. Once the code was accepted, the chatbot offered a “Reset Password” path, letting the attacker set a new password without the real owner’s email or phone ever being involved.
Why Meta’s AI Chatbot Security Failed
At its core, this was a classic confused deputy problem: Meta’s AI assistant held powerful support privileges but had weak rules about when to exercise them. It could attach a new email or send reset codes largely on the strength of chat prompts rather than strong authentication. According to Technology.org, the wider issue is that Meta handed a machine tasks that a trained human support agent would have guarded more carefully, such as swapping the primary email on an account. Automated signals like an IP region match were treated as sufficient, even though an attacker can produce them with a VPN; a region match says where the traffic comes from, not who is typing. In practice, the assistant treated whoever was chatting as the account owner and made sensitive changes on command. The incident shows how giving an AI system control over critical account security functions, without verification rules enforced outside the conversation itself, opens unexpected and dangerous attack paths.
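The step-by-step chain and the confused-deputy point above can be made concrete in code. What follows is an added example written for this article, not Meta’s code and not a description of its internals: a toy tool gateway in Python in which an assistant proposes actions (send_reset_code, add_email, reset_password) and the gateway, not the model, decides whether the caller is entitled to them. weak_gateway reproduces the reported pattern (a region match stands in for ownership, and the code goes wherever the chat asked), while hardened_gateway sends codes only to channels already on the account and requires a code from such a channel before any change. All function names, the victim account and the attacker address are constructed for the example.

```python
"""Toy tool gateway for an AI support assistant. The model proposes an action and
its parameters; the gateway, not the model, decides whether the caller is
entitled to it. Hypothetical code written for this article, not Meta's."""
import secrets
from dataclasses import dataclass, field
from typing import Optional


class Denied(Exception):
    """The gateway refused an action the assistant asked for."""


@dataclass
class Account:
    username: str
    password: str
    emails: set = field(default_factory=set)  # channels enrolled by the real owner


@dataclass
class SupportSession:
    account: Account
    ip_matches_region: bool = False          # "location check": spoofable with a VPN
    pending_code: Optional[str] = None       # last reset code issued in this chat
    code_destination: Optional[str] = None   # where that code was sent
    verified_channel: Optional[str] = None   # destination whose code was typed back


def _execute(session, action, **params):
    """Performs the action with no authorization; both gateways call this."""
    acct = session.account
    if action == "send_reset_code":
        dest = params["destination"]
        session.pending_code = f"{secrets.randbelow(10**8):08d}"  # 8-digit code
        session.code_destination = dest
        return {"sent_to": dest, "code": session.pending_code}  # 'code' stands in for mail delivery
    if action == "add_email":
        acct.emails.add(params["email"])
        return {"emails": sorted(acct.emails)}
    if action == "reset_password":
        acct.password = params["new_password"]
        return {"reset": True}
    raise Denied(f"unknown action {action!r}")


def enter_code(session, code):
    """The person in the chat types a code back; marks that destination as verified."""
    if session.pending_code and secrets.compare_digest(code, session.pending_code):
        session.verified_channel = session.code_destination
        session.pending_code = None
        return True
    return False


def weak_gateway(session, action, **params):
    """Vulnerable pattern: region match stands in for ownership, the reset code
    goes wherever the chat asked, and any code typed back unlocks the reset."""
    if not session.ip_matches_region:
        raise Denied("region mismatch")
    if action == "reset_password" and session.verified_channel is None:
        raise Denied("enter the code first")
    return _execute(session, action, **params)


def hardened_gateway(session, action, **params):
    """Hardened pattern: codes go only to channels already on the account, and
    changes require a code from such a channel. The IP check is not consulted."""
    enrolled = session.account.emails
    if action == "send_reset_code":
        if params["destination"] not in enrolled:
            raise Denied("reset codes are sent only to enrolled channels")
    elif action in ("add_email", "reset_password"):
        if session.verified_channel not in enrolled:
            raise Denied(f"{action} requires proving control of an enrolled channel")
    else:
        raise Denied(f"unknown action {action!r}")
    return _execute(session, action, **params)


def replay_attack(gateway):
    """Runs the reported chain (attacker-chosen inbox, code read back, reset) plus
    the alternative 'add my email' request against a constructed victim account."""
    victim = Account("victim", "correct-horse", {"owner@example.com"})
    attacker_inbox = "attacker@example.net"
    outcome = {"email_added": False, "password_reset": False}

    s = SupportSession(victim, ip_matches_region=True)  # VPN exit in the victim's region
    try:
        gateway(s, "add_email", email=attacker_inbox)
    except Denied:
        pass
    outcome["email_added"] = attacker_inbox in victim.emails

    try:
        delivered = gateway(s, "send_reset_code", destination=attacker_inbox)
        enter_code(s, delivered["code"])  # attacker reads it from their own inbox
        gateway(s, "reset_password", new_password="pwned")
    except Denied:
        pass
    outcome["password_reset"] = victim.password == "pwned"
    return outcome


def owner_recovery(gateway):
    """The real owner recovering through an enrolled email; must work in both."""
    acct = Account("victim", "correct-horse", {"owner@example.com"})
    s = SupportSession(acct, ip_matches_region=True)
    delivered = gateway(s, "send_reset_code", destination="owner@example.com")
    enter_code(s, delivered["code"])
    gateway(s, "reset_password", new_password="new-passphrase")
    return acct.password == "new-passphrase"
```

Running replay_attack against weak_gateway reports both the email addition and the password reset succeeding; against hardened_gateway both are refused, while owner_recovery still succeeds for either gateway. The design point is where the decision lives: the hardened gateway never asks what the model thinks the user is entitled to, it checks the session’s proven facts against the account’s pre-existing enrollment, so no amount of prompting changes the answer.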
Did Two-Factor Authentication Help?
Evidence about multi-factor protection in these attacks is mixed, but it offers clues about how the defense fared. Some Telegram users said the exploit did not work on accounts protected by two-factor authentication, which suggests the extra login step can block or at least complicate such AI-driven hijacks; a new password on its own should not get an attacker past a second factor that is still enforced at login. However, at least a few users reported losing their accounts despite having multi-factor protection enabled, raising questions about how consistently 2FA was enforced alongside the AI support flow. Technology.org notes that accounts protected by multi-factor authentication, even basic SMS codes, appeared more resistant to the attack in many cases. This matches broader security experience: an extra factor will not fix a broken support flow, but it adds friction and can stop an attacker when the exploit yields only a password, especially during suspicious login or recovery attempts.
Account Security Tips Now That the Flaw Is Patched
Meta says the issue has been resolved and that it is securing impacted accounts, but users should still harden their profiles against future hijacking attempts. First, enable two-factor authentication in Instagram’s security settings, using an authenticator app rather than SMS where possible. Next, review your login activity and connected devices, and sign out any session you do not recognize. Change your password to a unique, long passphrase and keep it in a password manager; never reuse it across services. Check the email addresses and phone number on file and remove any you do not recognize, since an attacker-added address is a standing recovery path into the account. Treat “Get Support” or similar AI tools as sensitive: any reset or support chat is an account-recovery channel, so stop if something looks off. Finally, watch your email for unusual security alerts and act quickly on password reset notices you did not request, as they can signal an attack in progress.