
How Hackers Conned Meta AI into Handing Over the Keys to Instagram
Hackers found a surprisingly simple way to break into Instagram accounts by tricking Meta’s own AI support chatbot. Instead of guessing complex passwords or writing sophisticated malware, attackers just talked their way past the automated system. The security flaw allowed bad actors to take over high-profile accounts before Meta managed to plug the hole.
The trouble started bubbling up over the weekend when multiple people on Reddit and X noticed they were locked out of their profiles. The victims were not random users either. Attackers managed to seize control of the inactive Obama-era White House Instagram handle, alongside the account belonging to the U.S. Space Force chief master sergeant. Prominent security researcher Jane Wong also reported that attackers hijacked her profile, noting that her password changed without her knowledge after she noticed a wave of password reset attempts.
A video shared on X eventually exposed exactly how the scam worked. The attacker started by spinning up a VPN to mask their location, preventing Instagram from flagging the login attempt as suspicious. Next, they opened a support chat with the Meta AI Support Assistant. Instead of asking for help with their own account, the hacker asked the chatbot to link a new email address to the target victim’s account.
The AI assistant complied without verifying the person’s identity. It sent a verification code straight to the hacker’s new email address. The hacker then fed that same verification code back into the chat window, prompting the chatbot to generate a helpful Reset Password button. From there, the attacker simply typed in a new password and instantly booted the real owner out of the account.
TechCrunch verified the method by checking the hacker’s public mailbox shown in the video, confirming it indeed received the official verification codes. The entire exploit succeeded because the AI never forced the attacker to prove they owned the original email address tied to the Instagram profile. The chatbot assumed the person on the other end of the screen was legitimate just because they could complete the code loop.
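The logic gap described above can be modeled in a few lines. This is an added example, not Meta's code: the class, handle and addresses are hypothetical, and the `require_owner_proof` guardrail is one possible control assumed for illustration, not the fix Meta applied.

```python
import secrets

class SupportFlow:
    """Toy model of a support tool that links a new email to an account."""

    def __init__(self, accounts, require_owner_proof):
        self.accounts = dict(accounts)   # handle -> email on file
        self.require_owner_proof = require_owner_proof
        self.outbox = {}                 # address -> code (stands in for mail delivery)
        self.pending = {}                # handle -> (new_email, {address: code})

    def _send_code(self, address):
        code = f"{secrets.randbelow(10**6):06d}"
        self.outbox[address] = code
        return code

    def request_email_change(self, handle, new_email):
        # Flawed design: the only challenge goes to the address the requester supplied.
        required = {new_email: self._send_code(new_email)}
        if self.require_owner_proof:
            # Guardrail: also challenge the address already on file.
            on_file = self.accounts[handle]
            required[on_file] = self._send_code(on_file)
        self.pending[handle] = (new_email, required)

    def confirm(self, handle, submitted):
        if handle not in self.pending:
            return False
        new_email, required = self.pending[handle]
        for address, code in required.items():
            if not secrets.compare_digest(submitted.get(address, ""), code):
                return False
        self.accounts[handle] = new_email
        del self.pending[handle]
        return True

def simulate(require_owner_proof, requester_reads):
    """Run one change request; the requester can read only the listed mailboxes."""
    flow = SupportFlow({"example_handle": "owner@example.com"}, require_owner_proof)
    flow.request_email_change("example_handle", "new@example.net")
    submitted = {a: c for a, c in flow.outbox.items() if a in requester_reads}
    changed = flow.confirm("example_handle", submitted)
    return changed, flow.accounts["example_handle"]

if __name__ == "__main__":
    print(simulate(False, {"new@example.net"}))   # code loop alone is accepted
    print(simulate(True, {"new@example.net"}))    # rejected without the on-file mailbox
```

With the guardrail off, a code delivered to the requester's own mailbox is enough to rebind the account; with it on, the change goes through only when the mailbox already on file is also proven.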
Instagram spokesperson Andy Stone confirmed on Monday that the company fixed the vulnerability. However, Meta did not share exactly how many users lost control of their profiles during the breach, nor did it respond to requests for further comment on why the AI assistant had so much power in the first place.
This incident highlights a growing problem with automated customer service. Companies rush to deploy AI assistants to handle high volumes of customer requests, often giving these bots the power to alter account credentials to save human workers time. When developers do not build strict verification guardrails into the software, the AI becomes an easy target for basic social engineering. Hackers realize they no longer need to compromise a user’s phone or email if they can just convince a helpful bot to do the heavy lifting for them.







