Hackers Exploit Meta AI Chatbot to Hijack Instagram Accounts

A serious security issue has recently come to light involving Meta AI support chatbot, which allowed hackers to hijack high-profile Instagram accounts using a surprisingly simple method. The incident has raised concerns about how far automated AI systems should be trusted with sensitive account management tasks.

According to reports, attackers were able to bypass standard verification processes by manipulating Meta’s AI support bot with carefully crafted text prompts. Instead of using advanced hacking techniques, they reportedly relied on social engineering through the chatbot itself. By interacting with the system in a specific way, they were able to trigger account recovery actions without proper authorization.

Hackers Exploit Meta AI Chatbot to Hijack Instagram Accounts

The method involved the attackers first using a VPN to mask their location and appear closer to the target region. They then contacted Meta’s AI support assistant while pretending to be the legitimate account owner. In their message, they requested to link a new email address to the Instagram account and claimed they would provide verification codes. The chatbot, without applying stronger identity checks, reportedly processed the request and sent password reset links to the attacker’s email.

Once the system sent the reset link, the attackers gained full access to the Instagram accounts. The attackers then locked victims out of their profiles, leaving them with no clear or immediate way to recover access. Some users reportedly struggled to find a method to escalate the issue to a human support representative, which made recovery even more difficult.

This incident highlights a major concern in the use of AI-powered customer support systems. Meta has been increasingly integrating artificial intelligence into platforms like Facebook and Instagram, including tools that can perform sensitive actions such as password resets and account recovery. While these systems improve efficiency and reduce wait times, they can also become vulnerable if proper safeguards are not in place.

The issue is particularly concerning given Meta’s recent focus on AI expansion. The company has been investing heavily in artificial intelligence across its platforms, even as it reduced thousands of jobs and shifted more resources toward AI development. Critics argue that rapid automation may have led to gaps in oversight, especially in areas involving security and user authentication.

See Also: Meta Forum: A New Reddit-Style Platform Built on Facebook Groups

Following reports of the breach, a spokesperson for Meta stated that the company has resolved the issue. However, the incident has already raised broader questions about how AI support tools should be designed and monitored. Experts suggest that AI systems handling account recovery should always include strict multi-layer verification steps and human review options for sensitive requests.

Cybersecurity analysts also warn that attackers can manipulate AI systems using this type of attack without relying on traditional hacking techniques. Instead of breaking encryption or exploiting software bugs, attackers simply exploited weaknesses in how the AI interpreted instructions.

As AI continues to play a larger role in customer support and account management, companies may need to rethink how much control these systems should have. The Meta AI incident serves as a reminder that convenience should never come at the cost of security, especially when dealing with personal accounts and private data.

For now, users should remain cautious and enable strong security settings on their social media accounts, including two-factor authentication.

See Also: You Can Now Chat With AI on WhatsApp Without Anyone, Including Meta, Seeing Your Messages