What's new since our earlier coverage: While we've reported on the basic outlines of this story before, the sources have since revealed several important new details — including a follow-on attack using an Android emulator called BlueStacks, the "confused deputy" security concept at the heart of the flaw, and confirmation that deepfake videos were used to bypass even enhanced identity checks. This post focuses on what you can actually do about it right now.
If you use Instagram for your business, your brand, or just to stay connected with family and friends, the past week should have been a wake-up call. Meta's AI-powered support assistant — the chatbot deployed to handle account recovery requests — was tricked into handing hackers full control of Instagram accounts, all without a single password being cracked in the traditional sense.
The accounts of the Obama White House, beauty retailer Sephora, and a senior US Space Force official were briefly defaced with pro-Iranian imagery before Meta pushed an emergency patch over the weekend. Security researcher and former Meta employee Jane Manchun Wong was also hit.
Here's the uncomfortable truth: the patch may have closed one door, but the underlying problem isn't fixed. And there's already a second attack circulating.
How the Attack Actually Worked
The exploit was surprisingly low-tech on the attacker's end. According to Krebs on Security, attackers followed a basic playbook:
- Research the target. Find out what city the account owner lives in — this information is often publicly available or easily guessable.
- Spoof the location. Use a VPN with an IP address matching the target's geographic region, avoiding Instagram's security flags.
- Start a normal password reset. Open a support chat with Meta's AI assistant during the process.
- Ask the bot to add a new email. The bot — wired into Meta's account management systems — dutifully linked the attacker's email address to the account and sent a one-time reset code straight to the attacker's inbox.
Malwarebytes explains the technical reason this worked: the chatbot had been given permission to perform account changes like email swaps and password resets, but it was never taught how to properly verify it was talking to the actual account owner. Security professionals call this a "confused deputy" — a concept that has existed in computer security since the 1980s. The AI was, in effect, a powerful employee with no training on how to check credentials.
When Meta's enhanced identity verification was triggered, attackers reportedly went a step further — creating deepfake videos of their targets using images harvested from the target's own Instagram account, then using those to pass the check.
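To make the "confused deputy" concrete, here is an added illustration (not Meta's code, and not from the sources cited above) of a support assistant's tool layer modelled two ways: one that acts on whatever account the chat claims to be, and one that only acts for the principal the session actually proved and stages the email change until the contact of record confirms it. The class and field names are assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Account:
    account_id: str
    owner_email: str                           # contact of record, used for out-of-band confirmation
    recovery_emails: List[str] = field(default_factory=list)
    pending_emails: List[str] = field(default_factory=list)

@dataclass
class ChatSession:
    claimed_account_id: str                    # what the person in the chat says they are
    verified_account_id: Optional[str] = None  # what a login or MFA step actually proved

class VulnerableSupportTools:
    """Confused deputy: the bot holds authority over every account and acts on the chat's claim."""
    def __init__(self, accounts: Dict[str, Account]):
        self.accounts = accounts

    def add_recovery_email(self, session: ChatSession, new_email: str) -> bool:
        acct = self.accounts[session.claimed_account_id]
        acct.recovery_emails.append(new_email)  # reset codes now go to new_email right away
        return True

class HardenedSupportTools:
    """Each tool call is authorised against the proven principal, and the change is staged, not applied."""
    def __init__(self, accounts: Dict[str, Account]):
        self.accounts = accounts
        self.audit: List[tuple] = []            # every decision is recorded for the SOC

    def add_recovery_email(self, session: ChatSession, new_email: str) -> bool:
        # Authority comes from who the session proved itself to be, never from what the chat claims.
        if session.verified_account_id is None or session.verified_account_id != session.claimed_account_id:
            self.audit.append(("denied", session.claimed_account_id, new_email))
            return False
        acct = self.accounts[session.verified_account_id]
        # Stage the address; reset codes keep going to the contact of record until it approves.
        acct.pending_emails.append(new_email)
        self.audit.append(("pending", acct.account_id, new_email))
        return True

    def confirm_from_owner_email(self, account_id: str, new_email: str) -> bool:
        """Called only after the existing owner_email approves the change out-of-band."""
        acct = self.accounts[account_id]
        if new_email not in acct.pending_emails:
            return False
        acct.pending_emails.remove(new_email)
        acct.recovery_emails.append(new_email)
        self.audit.append(("confirmed", account_id, new_email))
        return True
```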
The Patch Is Out — But a New Attack Is Already Circulating
Meta's Andy Stone confirmed on X that the original issue was resolved and impacted accounts were being secured. But Malwarebytes reports that a second attack technique is already making the rounds — this one using an Android emulator called BlueStacks running a modified version of Instagram to feed the AI hidden characters designed to manipulate its responses.
The confused deputy concept itself hasn't been patched. It's baked into how AI support bots are being built and deployed across the industry.
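The second technique relies on characters the person reviewing the chat cannot see. As an added example (not code from Meta or from the sources above), this input-layer filter flags and strips Unicode format controls and "tag" characters before a message reaches the assistant, and decodes any tag characters so a reviewer can see what was hidden; the function names are assumptions.

```python
import unicodedata
from typing import FrozenSet, List, Tuple

# Unicode "tag" block U+E0000-U+E007F: invisible mirrors of ASCII that render as nothing.
TAG_START, TAG_END = 0xE0000, 0xE007F

def is_hidden(ch: str) -> bool:
    """True for code points a human reviewer would not see in the chat window."""
    cp = ord(ch)
    if TAG_START <= cp <= TAG_END:
        return True
    # General category Cf = format controls: zero-width spaces/joiners, bidi overrides, BOM, soft hyphen.
    return unicodedata.category(ch) == "Cf"

def scrub_hidden(text: str, keep: FrozenSet[str] = frozenset()) -> Tuple[str, List[Tuple[int, str, str]]]:
    """Return (cleaned_text, findings); each finding is (index, U+XXXX, name) for a removed character."""
    # Pass keep=frozenset({"\u200d"}) if emoji ZWJ sequences in user text must survive.
    cleaned: List[str] = []
    findings: List[Tuple[int, str, str]] = []
    for i, ch in enumerate(text):
        if is_hidden(ch) and ch not in keep:
            findings.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
        else:
            cleaned.append(ch)
    return "".join(cleaned), findings

def reveal_tags(text: str) -> str:
    """Decode tag characters back to the ASCII they mirror, so reviewers can read what was hidden."""
    return "".join(chr(ord(ch) - TAG_START) for ch in text
                   if TAG_START + 0x20 <= ord(ch) <= TAG_START + 0x7E)

def gate_message(text: str) -> Tuple[bool, str]:
    """Policy for the assistant's input layer: a message that carried hidden text is not acted on."""
    cleaned, findings = scrub_hidden(text)
    return (len(findings) == 0, cleaned)
```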
Why Anyone Would Want Your Instagram Account
It's tempting to think, "I'm not famous, why would anyone target me?" But Malwarebytes points out several real financial motivations:
- Blackmail. Businesses that rely on Instagram for marketing can be held ransom — pay up or lose access to your audience.
- OG account resale. Short or memorable usernames from early Instagram signups can fetch thousands of dollars on underground markets. The Telegram account involved in this attack claimed the stolen handles had a combined resale value of more than half a million dollars, according to Krebs on Security.
- Reputation damage. Defacing a business or public figure's account with inflammatory content — as happened here with pro-Iranian imagery — can cause lasting harm regardless of whether a ransom is paid.
For Yuba City small businesses using Instagram to reach local customers, losing account access — even temporarily — can mean lost revenue, lost trust, and a very stressful week.
What to Do Right Now: A Step-by-Step Security Guide
1. Turn On Multi-Factor Authentication (MFA) — Today
This is the single most important thing you can do. Krebs on Security confirmed that the attack failed against every account that had MFA enabled — even those using basic SMS codes. Here's how to enable it:
- Open Instagram and go to Settings
- Tap Accounts Center
- Select Password and Security
- Tap Two-factor authentication
- Choose your method — an authenticator app (like Google Authenticator or Authy) is more secure than SMS, but SMS is still far better than nothing
2. Audit the Email Address on Your Account
Go into your Instagram settings and verify that the email address linked to your account is one you control and recognize. If you see an unfamiliar address, change it immediately and enable MFA before doing anything else.
3. Review Active Sessions
In your Instagram security settings, check Login Activity. If you see logins from cities you've never been to or devices you don't recognize, log those sessions out immediately and change your password.
4. Use a Strong, Unique Password
If your Instagram password is shared with any other account, change it now. A password manager makes this significantly easier to manage across multiple accounts.
5. Consider a Security Key or Passkey
Krebs on Security recommends using the most secure form of MFA available — a hardware security key or passkey — for your most important accounts. Instagram supports passkeys on supported devices.
If You Think Your Account Was Already Compromised
- Act fast. If you can still log in, change your password and email immediately, then enable MFA.
- If you're locked out, use Instagram's official account recovery page — not a support chat — and be prepared for a slow process. Krebs on Security notes that Instagram's human support infrastructure is notoriously thin, so recovery can take days or weeks.
- Check your email. If you received unexpected one-time codes or password reset emails from Instagram that you didn't request, that's a strong indicator someone attempted — or succeeded at — an account takeover.
- Report the compromise through Meta's Help Center and flag any unauthorized posts for removal.
The Bigger Picture: AI Chatbots Are the New Social Engineering Target
Ian Goldin, a threat researcher at Lumen's Black Lotus Labs, put it plainly: "AI chatbots create interesting new attack surface, and we're likely going to see a lot more of these kinds of attacks." Just as human customer support agents have always been vulnerable to social engineering, AI bots are equally eager to help — and equally susceptible to being manipulated.
As Malwarebytes notes, this won't be the last incident of this kind. As more companies deploy AI to cut support costs, those bots will be handed more sensitive permissions — and attackers will keep probing for confused deputies.
The good news is that a simple, free step — enabling two-factor authentication — would have blocked this attack entirely. If your business relies on Instagram or other social platforms and you'd like help reviewing your overall account security posture, we're always happy to talk through it at Computer Works.