Hackers Exploited Meta's AI Chatbot to Hijack Instagram Accounts
Attackers tricked Meta's AI support bot into changing email addresses on Instagram accounts, enabling high-profile takeovers.
Meta's experiment with AI-powered customer support just backfired spectacularly. Hackers discovered they could manipulate the company's AI support chatbot into changing the email addresses linked to Instagram accounts — effectively handing them the keys to those profiles.
The exploit fueled a wave of high-profile Instagram account takeovers. Attackers reportedly used the AI bot to bypass standard security checks that a human support agent would have caught. Meta has since patched the vulnerability.
The incident is a stark example of what happens when companies rush to replace human support staff with AI systems. Automated chatbots that can execute account-level changes become attack surfaces. If an AI can be socially engineered just like a human — but at scale and without suspicion — the risk calculus changes dramatically.
404 Media first reported the exploit and confirmed Meta's fix.