Hackers Exploit Meta AI Support Bot to Hijack High‑Profile Instagram Accounts
Pro‑Iranian hackers briefly seized control of several high‑visibility Instagram accounts — including the Obama White House account and the Chief Master Sergeant of the U.S. Space Force — after instructions circulated on Telegram showing how to manipulate Meta’s AI support assistant into resetting account passwords.
How the Instagram Account Takeover Worked
Beginning May 31, Telegram channels tied to pro‑Iranian groups shared a video demonstrating a surprisingly simple exploit. According to the footage, attackers:
- Used a VPN to mimic an IP address near the victim’s hometown
- Initiated a standard Instagram password‑reset request
- Selected the option to chat with Meta’s AI support assistant
- Instructed the bot to add a new email address to the account
- Received a one‑time code at that email, enabling a full password reset
The Telegram account behind the video also posted screenshots of defaced Instagram profiles, claiming the exploit allowed them to steal rare, short‑handle usernames — some allegedly valued at more than $500,000 on underground markets.
Meta’s Response
Meta has not issued a detailed public statement, but the company reportedly confirmed that the dormant Obama White House Instagram account was compromised. Security researchers at thecybersecguru.com reported that Meta deployed an emergency patch and emphasized that no internal databases were breached.
The blog noted that Instagram’s historically slow and automated support process likely motivated Meta to introduce an AI‑driven recovery assistant designed to help users with:
- Relinking lost email addresses
- Triggering password resets
- Verifying account ownership
However, that same convenience created a new attack vector.
Why AI‑Driven Account Recovery Is a Growing Security Risk
Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, warned that AI‑powered support systems introduce new social‑engineering risks. Just as human support agents can be manipulated, AI chatbots can be persuaded into performing unauthorized actions.
Goldin noted that AI chatbots expand the attack surface, and similar exploits are likely to emerge as more platforms automate sensitive account‑recovery workflows.
How Users Can Protect Their Instagram Accounts
The attackers themselves admitted that their method did not work on accounts protected by multi‑factor authentication (MFA). Even Instagram’s weakest MFA option — SMS one‑time codes — would have blocked the takeover.
To secure your accounts, enable the strongest MFA available, such as:
These options significantly reduce the risk of unauthorized access, even when platform support tools are exploited.
Reward this post with your reaction or TipDrop:
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
TipDrop
0










