Meta's support chatbot weaponized to hijack Instagram accounts
Hackers used Meta's AI support chatbot to take over Instagram profiles by tricking it into changing account emails and resetting passwords.
Meta's AI support chatbot became an attack vector for Instagram account takeovers this week. Hackers demonstrated the exploit in a video shared online, showing how they could commandeer accounts by prompting the chatbot to switch the email address tied to a target profile and then reset the password. The company confirmed the vulnerability and says it has been patched.
The attack relied on social engineering the chatbot itself. Instead of targeting users directly, attackers asked Meta's automated support agent to perform administrative actions—changing account recovery details—without proper identity verification. Once the email was swapped, a standard password reset completed the hijack. The technique bypassed Meta's existing account-recovery safeguards, which typically require multi-step verification when ownership details change.
How the exploit worked
An attacker opens a support chat, identifies a target Instagram handle, and phrases requests in ways that trigger the chatbot's account-modification logic. The bot complies, updating the email field in Meta's backend. The attacker then uses Instagram's "Forgot password?" flow with the newly associated email to gain full control. No phishing link, no credential theft, no device compromise—just a conversation with Meta's own agent.
Meta told 404 Media the issue has been resolved. The company did not specify how many accounts were affected or how long the vulnerability was active before discovery. Security practitioners have noted that LLM-driven support tools often lack the rigid permission boundaries of traditional ticketing systems, making them attractive targets for prompt-injection and social-engineering attacks. This incident marks one of the first documented cases of a production chatbot being weaponized to hijack user accounts at scale.
