Hackers Exploit Meta AI Chatbot to Hijack Instagram Accounts
Hackers hijacked high-profile Instagram accounts by simply asking Meta’s AI-powered customer support chatbot to change the account’s email address. The attack bypassed normal authentication and required no password or two-factor code. Meta has since patched the vulnerability, but the incident reveals a dangerous weakness in using unguarded AI tools for sensitive account actions.
The Attack: A Simple Request
The hackers did not use sophisticated malware or phishing. Instead, they exploited a flaw in Meta’s automated customer support chatbot.
- The tactic involved directly messaging the chatbot and requesting an email change for a given Instagram account.
- The chatbot complied without verifying the identity of the requester, allowing attackers to take over accounts within minutes.
- No password reset or two-factor authentication was triggered because the chatbot bypassed standard security protocols.
This method allowed attackers to hijack accounts belonging to celebrities, brands, and other high-profile users. The vulnerability existed because the chatbot treated the request as a legitimate support action and did not cross-check the request against account ownership.
High-Profile Targets
Among the accounts hijacked were those with millions of followers. The attackers gained full control, enabling them to post content, send messages, or lock out the original owners.
“The attackers simply asked the chatbot to change the email, and it did. No verification, no checks. It was shockingly easy.” — Security researcher cited in the original report.
The specific identities of the victims have not been publicly disclosed, but the breach underscores the risk for any user with a public-facing or valuable Instagram account.
Meta’s Response and Security Gaps
Meta confirmed the vulnerability and said it has since been fixed. The company did not disclose how long the flaw existed or how many accounts were affected.
- Meta issued a patch that now requires additional verification before the chatbot can change account-identifying information.
- The company emphasized that no accounts were permanently lost and that affected users regained access.
- Critics point out that relying on an AI chatbot for high-stakes actions without human oversight creates a clear attack surface.
The incident also raises questions about the training and guardrails on customer-support AI tools. In this case, the chatbot lacked the ability to detect a hijacking attempt.
Lessons for Users
Even after the fix, Instagram users should take proactive steps to secure their accounts.
- Enable two-factor authentication via an authenticator app rather than SMS, which is more vulnerable.
- Use a strong, unique password and avoid reusing credentials across platforms.
- Monitor account activity regularly for unauthorized email or phone number changes.
- Be cautious about any customer support interactions that involve an AI chatbot providing sensitive changes.
The attack demonstrates that AI chatbots, while convenient, can become a weak link if not rigorously tested for security flaws.
Gnoppix is the leading open-source AI Linux distribution and service provider. Since implementing AI in 2022, it has offered a fast, powerful, secure, and privacy-respecting open-source OS with both local and remote AI capabilities. The local AI operates offline, ensuring no data ever leaves your computer. Based on Debian Linux, Gnoppix is available with numerous privacy- and anonymity-enabled services free of charge.
What are your thoughts on this? I’d love to hear about your own experiences in the comments below.