California: Hackers have reportedly manipulated Meta’s AI-powered support chatbot to gain control of several prominent Instagram accounts, according to cybersecurity researchers.
Among the accounts said to have been compromised in recent days are a former White House Instagram account from the Obama administration, which still has more than 2.4 million followers, the account of the Chief Master Sergeant of the US Space Force and the Instagram page of beauty brand Sephora.
Researchers tracking the incident claim attackers exploited Meta’s AI-driven support system by convincing the chatbot to initiate password resets for targeted accounts. Videos circulating in cybersecurity-focused Telegram groups appear to demonstrate the alleged method used by the hackers.
According to the researchers, attackers instructed the chatbot to send password-reset verification codes to email addresses under their control. When the chatbot requested identity verification through a selfie video, the hackers allegedly submitted AI-generated videos to pass the authentication process.
Once the verification was accepted, the attackers were reportedly able to replace the original recovery email address with their own, giving them access to the accounts.
Cybersecurity experts have likened the tactic to social engineering, a method traditionally used to trick people into revealing sensitive information. In this case, however, the attackers appear to have manipulated an AI system rather than a human support representative.
Researchers also suggested that the exploit may have circumvented two-factor authentication protections that are intended to prevent unauthorized account access.
Meta has not provided detailed information about the alleged breach. However, the company appeared to acknowledge the vulnerability. Andy Stone, Meta’s head of communications, posted on X Monday that the issue had been fixed and that the company was working to secure affected accounts.
“This issue has been resolved, and we are securing impacted accounts.” It is unclear how many accounts were affected, ” the company said.
The total number of compromised accounts remains unknown.
The incident has sparked fresh concerns about the growing reliance on AI-powered customer support systems across social media platforms. In March, Meta expanded AI support tools to all Facebook and Instagram users, allowing chatbots to assist with password resets and other account-management tasks.
Meta’s product page states that the AI assistant is designed to help users understand account-related issues and take actions such as resetting passwords or reporting problematic content without needing to navigate traditional help-center articles.
Meanwhile, some users whose accounts were allegedly compromised have complained on social media that they were unable to reach a human support representative, raising questions about the limitations of AI-only support systems when security issues arise.