Meta AI Chatbot Exploit Led to Instagram Account Hijackings
6 verified4 unconfirmed
Hackers successfully hijacked Instagram accounts by exploiting Meta’s AI-powered support chatbot, according to multiple reports. The attackers tricked the chatbot into adding a new email address to a victim’s account and then resetting the password, locking out the original owner. Victims included the Barack Obama-era White House Instagram account and a U.S. Space Force chief master sergeant, as well as security researcher Jane Manchun Wong. Meta spokesperson Andy Stone confirmed the issue has been resolved and affected accounts are being secured. The technique involved using a VPN to spoof the target’s location to bypass automated protections. A video showing the step-by-step method was circulated on social media platforms.
What’s verified
Hackers exploited Meta’s AI support chatbot to take over Instagram accounts by requesting a new email address and resetting the password.
The attack involved using a VPN to spoof the victim’s location.
The compromised accounts included the Obama-era White House Instagram handle and the account of a U.S. Space Force chief master sergeant.
Security researcher Jane Manchun Wong reported her account was hijacked, stating: “The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday.”
Meta spokesperson Andy Stone said on X that the issue has been resolved and impacted accounts are being secured.
The hacker did not need to access the victim’s original email address.
Not yet confirmed
The total number of users whose accounts were improperly accessed remains unclear.
One source reported that attackers targeted high-value usernames such as single letters or short words.
One source mentioned that beauty retailer Sephora’s Instagram account was also hijacked, but this was not confirmed by the second source.
One source cited a claim that Instagram’s trust and safety team had been significantly reduced due to layoffs, though this was not independently verified.
Key figures
Jane Manchun Wong (security researcher)
Andy Stone (Meta spokesperson)
John Bentinvegna (U.S. Space Force chief master sergeant, named in one source)
Sources: TechCrunch, The Verge
