Security researchers are raising alarms after hackers exploited a vulnerability in Meta’s AI-powered support chatbot to hijack Instagram accounts. The attack, which occurred over the weekend, allowed cybercriminals to gain control of user accounts by simply asking the AI chatbot to reset passwords, without needing any traditional hacking methods like phishing or malware.
How the Attack Worked
The hackers leveraged a flaw in Meta’s automated support system by posing as legitimate users. In a video shared on X (formerly Twitter), the attack was demonstrated in real time: the hacker prompted the AI chatbot to add a new email address to a victim’s Instagram account. Once the new email was added, the attacker gained full access to the account, effectively bypassing standard security protocols.
This method of account takeover is particularly alarming because it doesn’t rely on technical breaches or social engineering tactics that users are typically warned against. Instead, it exploits the trust placed in automated systems, highlighting a critical gap in Meta’s security architecture.
Meta’s Response and Broader Implications
While Meta has not yet issued a detailed public statement, security experts believe the incident underscores the risks of integrating AI into customer support systems without robust safeguards. The vulnerability exposes how AI chatbots, when not properly secured, can become entry points for malicious actors.
This attack also raises questions about how widely such flaws might exist across Meta’s suite of platforms, including Facebook and WhatsApp, where similar AI support systems are deployed. As AI becomes more embedded in digital infrastructure, incidents like this could become more frequent, demanding stronger oversight and proactive security measures.
Conclusion
The hijacking of Instagram accounts through Meta’s AI chatbot is a stark reminder that even the most advanced technologies are only as secure as the systems that support them. As companies continue to automate customer service, the need for robust AI governance and cybersecurity protocols becomes more urgent than ever.
