
You may have heard that some notable Instagram accounts were hacked over the weekend. Barack Obama’s White House account was arguably the biggest among them.
What you may not have heard is that the hackers didn’t have to try very hard: Meta’s AI customer support chatbot essentially handed the accounts over.
According to 404 Media, hackers simply had to request that Meta’s AI support assistant chatbot change the email address associated with the targeted account. Hackers then tricked the bot into initiating a password reset without requiring identity verification. The AI then sent an access code to the hacker’s own email address, which the hacker copied into the chat. This prompted the AI to display a “Reset Password” button, which was then used to modify the password and take control of the account.
There’s even an edited step-by-step video of the process on X. The hacker used a VPN to make it seem they were in the target’s location, and the AI quickly obliged with the request. At no point did the hacker even need the user’s email address or original password.
The security breach hit accounts including makeup retailer Sephora and US Space Force Master Sergeant John Bentivegna. It’s unclear how many accounts were affected in total, but many users reported being hacked on Reddit and X over the weekend, including security researcher Jane Wong.
“The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” Jane said on X. “And I got repeatedly logged out from the [Instagram] iOS app. Quite concerning.”
How did the hack happen?
The problem is almost entirely due to Meta’s customer support now being run by AI. The tech giant made the switch back in March, saying it would enable “24/7 help for account issues like updating your password and settings for your profile.”
But with the AI chatbot handling the whole process, humans couldn’t step in when suspicious activity began. That allowed hackers to carry out the social engineering-style attack and pull it off multiple times before anyone noticed.
Per Cybersecurity News, security researchers ZachXBT and Dark Web Informer were the first to publicly expose the exploit, but not before several high-profile accounts were stolen. Dark Web Informer tracked the sale of many of these high-profile accounts in real time. Some of those accounts were bundled together at a $1 million asking price.
Instagram spokesperson Andy Stone said in a post on X that the exploit has since been fixed. 404 Media reports that Meta is in the middle of “securing impacted accounts.”
Meta has not yet responded to a request for comment.
How to protect yourself from similar attacks
The social engineering exploit had one major flaw: It did not work on accounts with multifactor authentication. Those accounts either already had the code in their authentication app of choice or received it by text. Without the MFA setting, the one-time reset code appears to be sent to an email address of choice, thereby letting hackers just, well, have it.
The best way to protect yourself is to enable multifactor authentication, which is available on all of Meta’s platforms. It won’t protect you 100% of the time, but it’s a lot better than a password by itself, and it would’ve protected against this particular exploit entirely.
There are other things you can do to beef up account security, including using passkeys where available and a private email address to make your account credentials harder to find.