Skip to main content
Emerging ThreatsMalware & Ransomware

Hackers Exploit Meta's AI Bot to Hijack Instagram Accounts

Smartphone displaying a login page on a neutral surface with a blurred office background.

"Instagram has notoriously poor human support infrastructure," Cybersecguru wrote — an observation that, according to published reporting and a video circulated on Telegram, helped set the conditions for a weekend campaign that briefly defaced high-profile Instagram accounts by exploiting Meta’s conversational AI customer‑support assistant.

Meta’s “AI support assistant” and the password‑reset flow

On May 31, instructions began spreading across several Telegram channels showing how attackers could use Meta’s AI support assistant inside Instagram’s password‑reset workflow to add a new email address to an account and thereby seize control. A video released on Telegram by pro‑Iran hackers purported to document a straightforward sequence: connect via a VPN with an IP address near the account’s usual hometown, request a password reset, choose to chat with the AI support assistant, and instruct the assistant to link the target account to a new email address. According to the video, the assistant then sent a one‑time code to that new address, enabling a password reset and account takeover.

Defacement of the Obama White House and a U.S. Space Force account

The exploit coincided with the temporary defacement of at least two prominent Instagram accounts — the Obama White House account and the account for the Chief Master Sergeant of the U.S. Space Force — which were briefly altered with pro‑Iranian images and messages over the weekend. The Telegram account that posted the how‑to video linked to screenshots and video of those defacements and said the same method was used to hijack a number of short, high‑value Instagram names that the poster claimed have resale value of more than a half million dollars.

Meta response: emergency patching and account security

Meta did not provide a formal comment on the Telegram video’s detailed claims, according to reporting, but Andy Stone of Meta posted on Twitter/X that the issue had been resolved and that Meta was securing impacted accounts. The security blog thecybersecguru.com reported that Meta pushed an emergency patch over the weekend and noted that the company clarified no back‑end database was breached.

Lumen’s Black Lotus Labs and the broader security risk of AI customer support

Security researchers framed the incident as a preview of a broader problem. Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, warned that as large online platforms allow AI chatbots to handle sensitive account‑recovery requests, they create "uncharted security territory." Goldin said that, like human customer‑support employees, AI chatbots can be social‑engineered and are “equally eager to help and vulnerable to persuasion and trickery,” and that "AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks." Thecybersecguru described the assistant as a conversational layer deployed to reduce friction for legitimate users stuck in account‑recovery workflows — relinking a lost email address, triggering a password reset, and verifying ownership — and framed that design choice as a factor in the exploit.

What this means for end users, platform security teams, and adversaries

  • End users: The reporting emphasizes enabling the strongest multi‑factor authentication available. The Telegram‑posted attackers themselves said the exploit failed against accounts that had MFA enabled; the coverage notes even SMS one‑time codes — the least robust MFA Instagram offers — likely would have blocked this particular exploit.
  • Platform security teams: Teams responsible for account‑recovery systems will need to reassess what automated assistants are permitted to do in sensitive flows and how those assistants verify an account holder’s authority before taking actions like relinking emails or initiating reset codes. Meta’s emergency patch and account‑securing activity illustrate a rapid remediation step, but the incident spotlights the verification logic inside AI‑driven workflows.
  • Adversaries and nation‑aligned operators: The Telegram video and accompanying claims show that actors who already rely on social‑engineering techniques will try to adapt those tactics to AI‑based interfaces, combining VPNs or IP‑spoofing techniques with tailored prompts to automated assistants.

The weekend episode appears to have been contained by an emergency patch and account recovery actions, and Meta’s public statement says affected accounts are being secured. The incident nonetheless raises a concrete question the facts leave standing: if conversational assistants are intended to streamline account recovery, how should platforms limit their authority and harden verification checks so an automated helper cannot be instructed to hand over access? That design decision — and whether other platforms independently revisit AI roles in password‑reset flows — will determine whether this incident is an isolated lesson or a preview of broader exploitation.

Source: Krebs on Security — Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts