Hackers tricked Meta AI chatbot to steal high-profile Instagram accounts

Meta’s AI-powered support chatbot was manipulated by hackers to reset passwords for high-profile Instagram accounts, including those of former U.S. President Barack Obama, beauty brand Sephora, and U.S. Space Force chief John Bentivegna. Attackers tricked the AI into linking accounts to new email addresses, enabling password resets and account takeovers. Obama’s old account was used to post a story with an Arabic caption translated as ‘The White House is under Shiites’ control,’ while Sephora’s 1.8 million followers saw graphic nudity and altered bios. The hackers demonstrated the vulnerability by using AI-generated face animations to bypass Meta’s selfie verification system, tricking the AI into accepting fake proof of identity. Security researcher Jane Wong reported her password was changed without her knowledge, while Meta confirmed the issue was patched and impacted accounts secured. Experts criticized Meta’s reliance on automated AI for security, arguing it removed human oversight and made accounts vulnerable to large-scale attacks. Industry analyst Gergely Orosz claimed Meta’s Instagram trust and safety team had been significantly reduced, with up to 60% of staff lost to layoffs or reassignment. This reduction was cited as a contributing factor to the oversight, as AI advancements now allow deepfake images and videos to bypass traditional verification methods. Meta spokesperson Andy Stone acknowledged the issue but did not provide further details on the extent of the breach or long-term security measures. The incident highlights broader risks of automating security processes without human intervention, as AI-driven attacks can exploit weaknesses in machine-to-machine verification systems. Critics argue Meta’s push toward AI-driven solutions has outpaced safeguards, leaving accounts exposed to increasingly sophisticated cyber threats.