Meta's AI Chatbot Handed Hackers the Keys to Instagram Accounts — Here's How to Lock Yours Down

What's new since our earlier coverage: Since our initial report, detailed technical breakdowns have emerged — including the exact Telegram video hackers used to spread the exploit, confirmation of the high-profile accounts that were defaced, expert commentary from threat researchers, a secondary attack variant using Android emulators, and a definitive answer on what actually stopped the attack. This post goes deeper on all of it.

When a company replaces human customer support with an AI bot, the hope is that it handles routine tasks smoothly. Meta's AI support assistant did exactly that — it just didn't check whether it was actually talking to the account owner first.

Over the past several weeks, attackers discovered they could open a support chat with Meta's AI assistant, claim to be locked out of an Instagram account they didn't own, and walk away with full access. The result was a quiet wave of account takeovers that eventually went very public.

What Happened — and Who Got Hit

According to Krebs on Security, the Instagram accounts belonging to the Obama White House (now dormant), the Chief Master Sergeant of the U.S. Space Force, and beauty retailer Sephora were among those taken over and briefly defaced with pro-Iranian imagery and messages. Security researcher and former Meta employee Jane Manchun Wong was also targeted.

The exploit instructions spread on Telegram starting around May 31, complete with a step-by-step video showing exactly how it worked. That video also linked to screenshots of the defaced accounts — and claimed the attackers had used the technique to seize a collection of short, highly desirable "OG" Instagram usernames with an alleged resale value of more than half a million dollars, per Krebs on Security.

Meta communications executive Andy Stone confirmed on X that the issue had been resolved and that impacted accounts were being secured. The company has not disclosed how many accounts were affected.

How the Attack Actually Worked

The technique was straightforward enough that it spread virally on Telegram. As Malwarebytes Labs explains it:

1. Locate the target's home city. Lists of account owners' home cities circulate online, or attackers simply researched their target.
2. Match the geography using a VPN. By connecting through an IP address near the target's usual location, attackers avoided triggering Instagram's geographic security flags.
3. Initiate a standard password reset. Nothing unusual here — just the normal account recovery flow.
4. Open the AI support chat and ask it to change the email address. The bot, wired into Meta's account management systems with permission to make changes, sent a one-time code directly to the attacker's inbox — without verifying it was actually talking to the real account owner.

Security professionals have a name for this kind of flaw: a "confused deputy." Malwarebytes Labs notes the term has been around since the 1980s — it describes a system that has been granted authority to perform sensitive actions but lacks the judgment to verify it's acting on behalf of the right person.

The bot wasn't "hacked" in a technical sense. It just did exactly what it was asked — because no one taught it to ask who was asking.

What About Identity Verification?

Even when enhanced security checks were triggered, attackers reportedly found a workaround: creating video deepfakes of their targets using photos harvested from the targets' own Instagram profiles, according to Malwarebytes Labs. Meta's own platform became the raw material for defeating Meta's own security layer.

This Isn't Over: A Second Attack Variant

The patched exploit may be closed, but Malwarebytes Labs reports that another attack variant is already circulating — this one using an Android emulator called BlueStacks running a modified version of Instagram. The goal is to send prompts containing hidden characters designed to manipulate the AI assistant's behavior. The exact threat level of this secondary technique isn't yet clear, but it underscores that attackers are actively probing AI support systems for new angles.

Why This Matters Beyond Instagram

Ian Goldin, a threat researcher at Lumen's Black Lotus Labs, put it plainly: "AI chatbots create interesting new attack surface, and we're likely going to see a lot more of these kinds of attacks." He drew a direct parallel to social engineering of human support staff — the same tricks that have always worked on people now work on bots, sometimes even more reliably, because bots are designed to be helpful and lack the skepticism a trained human might apply.

Meta rolled out its AI-powered support assistant earlier this year as part of broader cost-cutting and AI investment, according to Malwarebytes Labs. The tradeoff — reduced support costs vs. increased attack surface — is one that every company deploying AI in customer-facing roles will need to reckon with. The confused deputy concept isn't patched just because Meta fixed this one instance of it.

For Yuba City small businesses that use Instagram for marketing, this is a real risk. A hijacked business account can mean lost customers, extortion demands, and weeks of recovery headaches.

The One Thing That Actually Stopped the Attack

Here's the good news — and it's genuinely good news: multi-factor authentication (MFA) blocked this exploit entirely.

The hackers who released the Telegram video explicitly confirmed that their technique failed against any account that had MFA enabled, including accounts protected only by SMS codes. As Krebs on Security notes, the most secure options are a passkey or hardware security key, but even the least robust form — a one-time code via SMS — was enough to stop this attack cold.

How to Secure Your Instagram Account Right Now

Here's the practical checklist:

1. Enable Two-Factor Authentication immediately

• Open the Instagram app
• Go to Settings ? Accounts Center ? Password and Security ? Two-factor authentication
• An authenticator app (like Google Authenticator or Authy) is stronger than SMS, but SMS is still far better than nothing

2. Review the email address on your account Check that the email linked to your Instagram is one you control and actively monitor. If something looks unfamiliar, change it immediately and report it to Meta.

3. Check your login activity In Instagram's security settings, review recent logins. Look for unfamiliar devices or locations you don't recognize.

4. Audit who has access If you manage a business account, review which team members have admin access and remove anyone who no longer needs it.

5. Be skeptical of account recovery emails you didn't request If you get a one-time code or a "someone requested a password reset" email you didn't initiate, that's a red flag — someone may be testing whether your account has MFA.

The Meta exploit is patched for now, but the underlying vulnerability — AI systems with real account-management power and insufficient identity verification — isn't going away. As more platforms automate customer support with AI, this attack pattern will appear elsewhere.

If you manage Instagram for a business and want a hand making sure your broader digital presence is locked down, we're happy to help — that's exactly the kind of thing we walk local businesses through at Computer Works.

---CONTENT_MARKDOWN---