Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Threat actors exploited Meta's AI support assistant to reset passwords and seize high-profile Instagram accounts, including those belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force. The accounts were defaced with pro-Iranian imagery and messaging over the weekend.

Instructions for the exploit circulated on Telegram, detailing how to manipulate Meta's automated support bot into bypassing normal authentication procedures. The attack demonstrates a critical weakness in automated account recovery systems. Rather than requiring human verification or multiple authentication factors, the AI bot accepted social engineering tactics that convinced it to reset credentials without proper validation.

The breached accounts represent targets of significant symbolic value. The Obama White House Instagram serves as a historical record and communication channel for millions of followers. The Space Force account holds operational and recruitment importance for U.S. military communications.

The incident reveals a fundamental security gap in Meta's account recovery infrastructure. Automated support systems designed to improve customer experience create friction points for attackers. When these systems lack robust verification protocols, they become attack vectors. Threat actors need only understand how the bot responds to specific prompts or requests.

Organizations and individuals using Meta platforms face real risk from this vulnerability. Any Instagram account can be targeted if attackers successfully manipulate the support bot. The exploitation method spreads rapidly through underground channels, lowering the barrier to entry for attackers with minimal technical skill.

Meta has not yet disclosed whether it patched the vulnerability or modified the AI bot's behavior to prevent future exploitation. The company typically addresses such issues through backend changes that users never see, but the speed of remediation remains unclear.

Account owners should enable two-factor authentication and strengthen recovery email addresses with unique, secure passwords. Users should also monitor linked phone numbers and email addresses associated with their accounts for unauthorized changes. For organizational accounts, reviewing login activity and IP addresses provides early warning of compromise attempts.