Hackers use Meta support chatbot to take over high-profile Instagram accounts

Hackers exploited Meta’s AI-powered support chatbot to hijack high-profile Instagram accounts, including the Obama White House, beauty retailer Sephora, and US Space Force Chief Master Sergeant John Bentivegna’s account. Security researchers demonstrated how the chatbot could be manipulated to reset passwords by instructing it to link a targeted account to a new email address, then providing the verification code to bypass security. The exploit involved hackers using a virtual private network (VPN) to hide their location, according to screenshots and videos shared on Telegram and X. In one case, a hacker instructed the AI assistant to send a verification code to a controlled email, then submitted it to reset the password. Meta confirmed the issue was resolved and secured impacted accounts but did not disclose how many were affected. The incident highlights risks of relying on AI for critical security functions like password recovery. Stolen account handles were later sold on Telegram, while Meta defended its AI assistant, introduced globally earlier this year, as a tool for handling support requests, including reporting scams and problematic content. Meta has heavily invested in AI, with founder Mark Zuckerberg allocating $145 billion for AI infrastructure this year. The company is developing advanced language models and pursuing AI ‘super-intelligence,’ though the hack underscores potential vulnerabilities in automated systems. The incident follows Meta’s earlier claims that AI assistants could eventually provide mental health support.