Hackers Trick Meta AI Support Bot

Attackers are tricking Meta's AI support bot to hijack high-profile Instagram accounts by resetting passwords and defacing them.

Attackers compromised several high-profile Instagram accounts, including those for the Obama White House and a senior U.S. Space Force official. The accounts were temporarily defaced with pro-Iranian imagery and text after a vulnerability in Meta's AI-powered support assistant was exploited. Instructions on how to trick the bot into initiating a password reset were circulated on Telegram, allowing unauthorized users to gain control of targeted accounts.

This incident highlights a significant security risk in automated, AI-driven customer support systems. By manipulating the AI bot, the attackers bypassed standard security protocols designed to protect user accounts, demonstrating a novel attack surface that security teams must now consider. The ease with which the exploit was shared suggests that many other accounts could have been at risk, underscoring the need for robust security reviews of new AI implementations.

The exploitation of an AI support agent for account takeovers is a concerning development. As companies increasingly integrate AI into core functions like user support, they must anticipate how these systems can be manipulated. This event will likely prompt a review of AI-assisted support processes across the industry, focusing on adding more robust verification steps and human oversight where sensitive account actions are involved.