Meta AI Assistant Let Attackers Reset Instagram Passwords Without Checks
*Hackers used instructions shared on Telegram to trick Meta’s AI support bot into changing email addresses on high-profile accounts, including the Obama White House and the Chief Master Sergeant of the U.S. Space Force.*
What happened
Over the weekend, the Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly taken over and defaced with pro-Iranian images and messages. Attackers followed steps posted on Telegram that directed Meta’s “AI support assistant” to reset account passwords.
The bot performed the resets after users asked it to change the email address tied to a target account. No additional verification step was required before the change took effect.
How the exploit worked
Meta introduced the AI support assistant in December to provide round-the-clock help with tasks such as reporting scams, answering questions about content removal, and resetting passwords. The password-reset path became the point of failure.
Once the email address was updated through the bot, the attacker could request a password reset link sent to the new address and gain full control. Demonstrations circulated on social media showing the exact prompts that succeeded against the assistant.
Meta’s response and prior design choices
Meta built the assistant to reduce friction for legitimate users who needed account recovery. The same design removed verification checks that previously guarded email changes.
Neither source reports an official statement from Meta on whether the assistant has been updated or whether additional safeguards have been added since the incidents.
Why it matters
An automated support system that can alter account ownership details without secondary confirmation creates a single point of failure that scales to any user. High-profile accounts were affected in this case, but the same method applies to ordinary accounts that rely on the same recovery flow. Companies that route sensitive actions through conversational AI without retaining human review or secondary checks will continue to face this class of abuse until the verification gap is closed.
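The verification gap described above, as an added example that is not Meta's code: an assistant-side email-change tool that applies the change immediately, beside a hardened version that holds the change until a token mailed to the current address confirms it, so a later password-reset link can only reach the owner. Account fields, the `Outbox` stand-in for the mail service and the sample addresses are constructed assumptions.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    username: str
    email: str                           # address of record
    pending_email: Optional[str] = None  # requested but unconfirmed
    pending_token: Optional[str] = None

@dataclass
class Outbox:
    """Stand-in for the mail service; records (recipient, purpose, token)."""
    sent: list = field(default_factory=list)
    def send(self, to, purpose, token):
        self.sent.append((to, purpose, token))

def vulnerable_change_email(acct, new_email, outbox):
    """The gap in the article: the assistant's tool applies the change at once."""
    acct.email = new_email
    return True

def hardened_change_email(acct, new_email, outbox):
    """Hold the change; only a token delivered to the *current* address applies it."""
    token = secrets.token_urlsafe(16)
    acct.pending_email, acct.pending_token = new_email, token
    outbox.send(acct.email, "confirm-email-change", token)
    return False  # nothing changed yet

def confirm_email_change(acct, token):
    """Called from the link in the confirmation mail; constant-time comparison."""
    if acct.pending_token is None or not secrets.compare_digest(token, acct.pending_token):
        return False
    acct.email, acct.pending_email, acct.pending_token = acct.pending_email, None, None
    return True

def send_password_reset(acct, outbox):
    """Reset links go only to the address of record; returns that address."""
    outbox.send(acct.email, "password-reset", secrets.token_urlsafe(16))
    return acct.email

def reset_destination(change_tool):
    """Where a reset link lands after a change request the owner never confirmed."""
    acct = Account("target", "owner@example.org")        # constructed sample account
    outbox = Outbox()
    change_tool(acct, "unverified@example.net", outbox)   # request relayed by the bot
    return send_password_reset(acct, outbox)
```

With the hardened tool the bot can still file the request, but the reset link keeps going to the owner until the owner's own mailbox confirms the change.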