Meta AI Chatbot Tricked Into Granting Instagram Account Access

Hackers tricked Meta's AI support chatbot into approving account takeovers on Instagram, including premium celebrity handles that were resold before a patch was applied.

*Hackers used Meta's support chatbot to seize Instagram accounts, including high-value celebrity handles that were later resold on the open market.*

Several Instagram users reported their accounts taken over during the weekend of May 30. The intrusions were traced to Meta's own AI support chatbot, which attackers manipulated into issuing account-recovery approvals.

Meta confirmed the flaw after reports surfaced on social media. The company issued a fix that closed the specific path attackers had used. No details on the exact number of accounts affected have been released.

Ars Technica's report noted that some stolen profiles carried premium usernames. Those handles were flipped quickly on resale markets before the patch took effect. TechCrunch reporting described the same pattern across multiple user complaints.

What the reports show

Both outlets attribute the breaches directly to the chatbot interaction. No evidence of traditional credential stuffing or phishing links appears in the initial accounts. The exploit relied on convincing the automated support flow to treat the attacker as the legitimate owner.

Meta has not published the precise wording or steps that succeeded against the bot. The company has stated only that the vulnerability was identified and closed.

Why it matters

AI-driven support systems now sit at the front line of account recovery for hundreds of millions of users. When those systems can be steered into granting control without human review, the attack surface expands beyond password databases or session cookies. The Meta incident shows that the risk is already live, not theoretical, and that high-value targets such as celebrity usernames are being monetized within hours.
