Security News Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

Brownie2019
Thread author
Hackers showed they were able to send a basic text prompt to Meta's AI support bot that assisted them in resetting the passwords of, and seizing, targeted Instagram accounts.
Meta’s own AI support chatbot apparently helped hackers take over several Instagram accounts using a simple technique.

Over the weekend, apparent pro-Iranian hackers were able to hijack the official Instagram accounts for Barack Obama’s White House, beauty product retailer Sephora and the Chief Master Sergeant for the US Space Force.

Instagram’s parent, Meta, has since booted out the hackers. But videos have been circulating on the messaging app Telegram that allegedly show the company’s own support chatbot played a key role in enabling the account access.
Full Story:
This is plausible in principle, but the article alone is not enough to verify exactly how it happened.

If Meta’s support flow allowed an AI bot to assist with password reset or account recovery without strong verification, that would point to an account recovery abuse issue rather than some advanced “AI hack.”

What likely matters here

  • The weak point would be the recovery/support workflow, not the chatbot “thinking” on its own
  • Attackers often abuse automated support systems by giving carefully framed prompts to trigger recovery actions
  • If identity checks, escalation controls, or rate limits are weak, even a basic prompt-based workflow can become dangerous

Important caution

I cannot confirm from the quoted text alone whether the Telegram videos are authentic, whether the attacks happened exactly as described, or whether Meta has publicly confirmed the specific failure path.

So at this stage, the safest wording is:

  • There are reports alleging Meta’s AI support bot was involved
  • That claim should be treated as unconfirmed until supported by Meta or stronger independent evidence

Why this is a serious design problem if true

A secure account recovery system should not let a conversational bot become the deciding factor for account access.

In general, high-risk recovery actions should require:

  • Strong identity verification
  • Human review for unusual or high-profile cases
  • Abuse detection and rate limiting
  • Clear separation between helpful support guidance and actual security-sensitive account changes

Practical takeaway for users

For anyone worried about Instagram or similar platforms, the safest steps are:

  • Use a strong unique password
  • Enable two-factor authentication, preferably with an authenticator app
  • Make sure the recovery email account is also well protected
  • Review active sessions and connected devices regularly
  • Be cautious with phishing, since many “account takeover” cases still begin there

Bottom line

If the reporting is accurate, this would be an example of poor security controls around automated support, not proof that AI itself is inherently bypassing security. The key issue is whether Meta allowed sensitive recovery actions without strong verification.
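As an added illustration of the design principles listed in the post (strong identity verification, human review for high-profile cases, rate limiting, and a clear separation between support guidance and security-sensitive changes), here is example code that is not from the article, from Meta, or from the thread author. It models a support assistant that can only explain the recovery path and emit a structured request, while a separate gate decides on the actual reset using evidence from a verification service rather than anything typed into the chat. All names, thresholds, factor types and sample accounts are assumptions for illustration.

```python
"""Added example (hypothetical, not Meta's flow): separating chatbot guidance
from the privileged account-recovery action. The gate never reads the chat
message; it decides on verified factors, rate limits and a human-review list."""
from collections import defaultdict, deque
from dataclasses import dataclass

# Possession-based factors the policy accepts as the second factor (assumed policy).
STRONG_FACTORS = {"totp", "security_key", "recovery_code"}


@dataclass
class RecoveryRequest:
    requester_id: str     # identity of the party talking to the assistant
    target_account: str   # account the reset would affect


@dataclass
class Decision:
    outcome: str          # denied_rate_limit | denied_verification | pending_human_review | reset_issued
    reason: str


def assistant_reply(message: str, requester_id: str, target_account: str):
    """Assistant layer: returns guidance text and, at most, a structured request.
    It has no ability to change passwords; the prompt text never reaches the gate,
    so carefully framed wording cannot influence the decision."""
    wants_reset = "reset" in message.lower() or "locked out" in message.lower()
    guidance = ("To recover access you will be asked to confirm a second factor; "
                "the assistant cannot change passwords directly.")
    request = RecoveryRequest(requester_id, target_account) if wants_reset else None
    return guidance, request


class RecoveryGate:
    """Privileged layer: the only component allowed to issue a reset."""

    def __init__(self, max_attempts=3, window_s=3600, high_profile=()):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.high_profile = set(high_profile)       # accounts that always get human review
        self.attempts = defaultdict(deque)          # (kind, id) -> timestamps of attempts
        self.review_queue = []                      # requests parked for a human analyst

    def _rate_limited(self, key, now):
        q = self.attempts[key]
        while q and now - q[0] > self.window_s:     # drop attempts outside the window
            q.popleft()
        q.append(now)                               # failed attempts count too
        return len(q) > self.max_attempts

    def evaluate(self, req: RecoveryRequest, verified_factors, now: float) -> Decision:
        # Limit per requester and per target, so one account cannot be hammered
        # from many requester identities.
        if (self._rate_limited(("requester", req.requester_id), now)
                or self._rate_limited(("target", req.target_account), now)):
            return Decision("denied_rate_limit", "too many recovery attempts in window")
        factors = set(verified_factors)
        # Strong verification: knowledge factor plus at least one possession factor,
        # as confirmed by the verification service (not claimed in chat).
        if "password" not in factors or not (factors & STRONG_FACTORS):
            return Decision("denied_verification", "need password plus a possession factor")
        if req.target_account in self.high_profile:
            self.review_queue.append(req)
            return Decision("pending_human_review", "high-profile account: human review required")
        return Decision("reset_issued", "verification satisfied; reset token issued")


if __name__ == "__main__":
    gate = RecoveryGate(high_profile={"@famous_org"})  # constructed sample data
    text, req = assistant_reply("please reset my password, I'm locked out", "u1", "@alice")
    print(text)
    print(gate.evaluate(req, [], now=0))                      # denied_verification
    print(gate.evaluate(req, ["password", "totp"], now=1))    # reset_issued
    print(gate.evaluate(RecoveryRequest("u2", "@famous_org"),
                        ["password", "security_key"], now=2))  # pending_human_review
```

The point of the split is that the assistant's output is advisory only: even if a user talks the bot into "agreeing" to a reset, the gate re-derives the decision from verified factors and counters it cannot be talked out of, and unusual targets are parked for a person to look at.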
