Meta's AI Support Bot Exploited to Bypass Instagram Account Security, High-Profile Accounts Compromised
Attackers discovered a method to manipulate Meta's AI support assistant into resetting Instagram account passwords without proper verification, leading to defacement of prominent accounts including those of the Obama White House and U.S. Space Force. Instructions circulated on Telegram, indicating active exploitation in the wild.
Affected
Meta's AI support bot contains a critical authentication weakness that permits attackers to reset Instagram account passwords through social engineering. The attack exploits the bot's design to accept unverified password reset requests, bypassing standard multi-factor authentication and email verification workflows. Attackers have weaponised this by publishing step-by-step instructions on Telegram, resulting in verified account takeovers of high-profile targets including official U.S. government accounts.
The technical flaw appears to centre on insufficient verification logic within the AI assistant's account recovery pathway. Rather than implementing cryptographic challenges, time-limited tokens, or requiring email confirmation, the bot accepts password reset instructions based solely on conversation context. This represents a fundamental design failure where convenience was prioritised over security controls. The AI system lacks the guardrails necessary to detect adversarial prompting or to require secondary verification from the account holder before executing privileged actions.
The compromised accounts demonstrate that both high-security targets and routine users are at risk. The Obama White House and Chief Master Sergeant accounts are monitored closely and likely have additional security measures, yet attackers succeeded, suggesting the vulnerability is straightforward to exploit. Mass exploitation becomes probable once instructions circulate, as evidenced by the Telegram distribution. Defenders and users cannot mitigate this through standard practices like password strength or device security.
Meta must immediately implement mandatory verification steps in the AI assistant's account recovery flow, including email verification links, SMS challenges to registered phone numbers, or security questions. The AI system should refuse password reset requests entirely unless the user authenticates through out-of-band channels. All recent account recovery events initiated through the AI bot should be audited, and affected users notified. Rate limiting and anomaly detection should flag unusual recovery patterns.
This incident exposes a broader risk in delegating authentication decisions to large language models or AI systems without explicit security constraints. AI assistants trained to be helpful become liability vectors when they interface with account security functions. Organisations deploying AI in customer-facing security roles must isolate those systems from credential management, require human review of sensitive actions, and assume adversarial users will attempt prompt injection and social engineering at scale.
Sources