Hackers exploited a flaw in Meta's AI support chatbot to gain unauthorized access to various Instagram accounts [1].

This security breach demonstrates a critical vulnerability in how artificial intelligence handles identity verification. By manipulating a tool designed for customer support, attackers bypassed traditional security layers to seize control of prominent digital identities [2].

According to reports, the attackers sent specific text prompts to the AI support chatbot [1]. The AI responded by providing login assistance that allowed the hackers to reset passwords and take over accounts [3]. This method allowed the attackers to compromise several high-profile targets, including the account of former U.S. President Barack Obama [2].

Cybersecurity attorney Leeza Garber said the hackers were able to manipulate the AI platform to achieve these breaches [3]. The vulnerability stems from the chatbot's ability to facilitate password resets through prompts that lacked sufficient authentication checks [3].

Meta's AI chatbot was the primary tool manipulated in these attacks [1]. The exploit highlights a growing trend where AI-driven support systems become targets for social engineering and technical manipulation [3]. While the chatbot was intended to streamline the recovery process for legitimate users, it instead provided a pathway for unauthorized actors to bypass security protocols [1].

Industry experts suggest that this incident underscores the risks of integrating large language models into sensitive security workflows. When AI is given the authority to modify account credentials, any flaw in its prompt processing can lead to systemic failures [3].
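One way to keep that authority out of the model is shown below as an added example; it is not Meta's code and is not drawn from the reports. The chatbot may only propose a reset, and deterministic code outside the model decides whether it runs. The tool name `reset_password`, the call fields, and the account store are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: account records as a support backend might hold them.
ACCOUNTS = {"alice": {"email": "alice@example.com"}}
CHALLENGES = {}          # account -> (sha256 of one-time code, expiry timestamp)
CODE_TTL_SECONDS = 600


def issue_challenge(account, now=None):
    """Create a one-time code bound to the account's contact on file."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    digest = hashlib.sha256(code.encode()).hexdigest()
    CHALLENGES[account] = (digest, now + CODE_TTL_SECONDS)
    # Delivered out of band to the address on file; never placed in the model's context.
    return ACCOUNTS[account]["email"], code


def authorize_tool_call(call, now=None):
    """Decide whether a model-proposed tool call may run. Returns (allowed, reason)."""
    now = time.time() if now is None else now
    if call.get("tool") != "reset_password":
        return False, "tool not allowlisted"
    account = call.get("account")
    if account not in ACCOUNTS:
        return False, "unknown account"
    # Recovery messages only go to the contact on file, whatever the chat says.
    if call.get("send_to") not in (None, ACCOUNTS[account]["email"]):
        return False, "destination is not the contact on file"
    digest, expires = CHALLENGES.pop(account, (None, 0))   # single use
    if digest is None or now > expires:
        return False, "no valid challenge"
    supplied = hashlib.sha256(str(call.get("code", "")).encode()).hexdigest()
    if not hmac.compare_digest(digest, supplied):
        return False, "wrong code"
    return True, "verified"
```

Because the gate never reads the conversation text, no wording of a prompt changes its decision; only a valid, unexpired code sent to the contact on file does.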

This incident reveals a significant security gap in the deployment of generative AI for customer service. By shifting account recovery from human agents or rigid automated systems to flexible AI chatbots, companies may inadvertently create new attack vectors. This suggests that AI 'hallucinations' or prompt injections are not just quality issues, but critical security risks that can lead to the loss of high-value accounts.