Computer Works Computer Works
Call
Cybersecurity

Meta's Own AI Support Bot Was Handing Instagram Accounts to Hackers — Here's How to Protect Yours

Hackers discovered that Meta's AI customer support chatbot would willingly hand over Instagram account access to anyone who asked — no hacking required. Here's how the attack worked and what you can do right now to lock down your account.

Meta's Own AI Support Bot Was Handing Instagram Accounts to Hackers — Here's How to Protect Yours

If you have an Instagram account — personal, business, or otherwise — this story is worth a few minutes of your time. Over the past several months, a shockingly simple attack allowed hackers to seize Instagram accounts using Meta's own AI customer support chatbot as the weapon. No sophisticated malware. No brute-force password cracking. Just a conversation with a bot that was far too eager to help.

What Happened

Meta rolled out an AI-powered support assistant earlier this year to handle common account recovery requests — things like relinking a lost email address, triggering password resets, and verifying account ownership. The idea, as thecybersecguru.com via Krebs on Security put it, was to "reduce friction for legitimate users stuck in account-access hell." Instagram's human support infrastructure has long been notoriously slow, so an AI layer made business sense.

The problem? The bot was given the ability to make real account changes — including swapping out the email address on file — without any reliable way to verify it was actually talking to the real account owner.

Last weekend, things came to a head. The Instagram accounts of the Obama White House (now dormant), beauty retailer Sephora, a senior US Space Force official, and security researcher Jane Manchun Wong were all taken over and briefly defaced with pro-Iranian imagery. By then, instructions for pulling off the attack had already been circulating on Telegram since at least May 31, according to Krebs on Security. Meta pushed an emergency patch over the weekend, and Meta communications executive Andy Stone confirmed on X that the issue had been resolved and impacted accounts were being secured. The company has not disclosed how many accounts were affected.

How the Attack Actually Worked

The mechanics were almost embarrassingly straightforward, as documented by Malwarebytes Labs:

  1. Find the target's location. Attackers looked up where the account owner lived — information often available through public lists or basic research.
  2. Match their location with a VPN. By using a VPN with an IP address near the target's hometown, attackers avoided triggering Instagram's geographic security flags.
  3. Start a password reset. They initiated a standard password reset for the account they didn't own.
  4. Open the AI support chat. Here's where it went sideways. They told the bot to add a new email address to the account.
  5. Receive the one-time code. The bot obliged — sending a one-time password reset code directly to the attacker's inbox. Account over.

Security professionals have a name for this kind of flaw: a "confused deputy" — a term that has been around since the 1980s. It describes what happens when a system (in this case the AI bot) has been granted authority to perform powerful actions, but doesn't properly verify who it's acting on behalf of. The bot had the keys to the kingdom and no real way to confirm it was handing them to the right person.

What made the attack even more unsettling: even when Meta's enhanced identity verification was triggered, some attackers bypassed it by creating video deepfakes of their targets using photos harvested from — of all places — Instagram itself.

Why Would Anyone Bother Hacking an Instagram Account?

It's a fair question. The motivations, per Malwarebytes, range from revenge to cold, hard cash. Businesses that depend on Instagram for marketing have been blackmailed after losing control of their accounts. And "OG" accounts — those with short, memorable usernames registered in Instagram's early days — can fetch thousands of dollars on underground markets. The accounts seized in this particular wave were reportedly linked to short usernames with a combined resale value of more than half a million dollars, according to Krebs on Security.

The Bigger Picture: AI Chatbots Are the New Social Engineering Target

This incident isn't just a Meta story. It's a preview of what's coming as more companies replace human support staff with AI systems.

Ian Goldin, a threat researcher at Lumen's Black Lotus Labs, put it plainly: "AI chatbots create interesting new attack surface, and we're likely going to see a lot more of these kinds of attacks." Just like a human customer service rep can be sweet-talked into resetting an account they shouldn't, an AI bot can be manipulated — and at far greater scale.

Meta has been reducing headcount while expanding its AI investments, and that tradeoff created this vulnerability. The patch has been deployed, but as Malwarebytes notes, a second attack method is already circulating — this one involving an Android emulator called BlueStacks running a modified version of Instagram to inject hidden characters designed to manipulate the AI. The exploit may be patched; the concept is not.

What You Should Do Right Now

The single most effective thing you can do is enable multi-factor authentication (MFA) on your Instagram account. According to veteran cybersecurity reporter Brian Krebs, the attack failed against every account that had MFA enabled — even accounts using the weakest form, an SMS code. The hackers themselves confirmed this in the Telegram video documenting the exploit.

Here's how to turn it on:

  1. Open Instagram and go to Settings
  2. Tap Accounts Center
  3. Select Password and Security
  4. Tap Two-factor authentication and follow the prompts

An authenticator app (like Google Authenticator or Authy) offers stronger protection than SMS, but even SMS-based MFA would have stopped this specific attack cold. A passkey or hardware security key is stronger still.

A few other steps worth taking while you're at it:

  • Review your linked email address — go to Settings ? Personal details and confirm that the email on your account is one you control and regularly monitor.
  • Check login activity — under Settings ? Security ? Login Activity, look for any sessions from unfamiliar locations or devices.
  • Audit third-party app access — revoke access to any apps you no longer use.
  • Use a strong, unique password — if you're reusing passwords across sites, now is the time to fix that.

For Yuba City small businesses that use Instagram as a marketing channel, this is a good reminder that your social media accounts are business assets worth protecting as seriously as your website or email. If you've been meaning to sort out your account security settings and aren't sure where to start, we're happy to walk you through it at Computer Works.

The Takeaway

Meta's AI bot did exactly what it was designed to do: help users. It just had no way of knowing who it was actually helping. The patch is live, but the lesson extends well beyond Instagram — any AI system given authority over sensitive account actions, without proper identity verification, is a potential attack vector.

Enable MFA today. It's a five-minute task that would have stopped this attack entirely.

Recommended
Proton VPN
Proton VPN
Protect your browsing
Proton Mail
Proton Mail
Encrypted email
Related local service
Worried this could be malware?
If your computer has pop-ups, redirects, suspicious downloads, or ransomware warnings, start with our local virus removal page.
Call Us View virus removal
Tags
cybersecurity vulnerability web-security
← Back to all posts