Meta AI Support Bot Exploit Lets Hackers Hijack High‑Profile Instagram Accounts

Hackers exploited the Meta AI support bot to hijack Instagram accounts belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force, plastering them with pro‑Iran images over a weekend.

How the Meta AI support bot was manipulated

A Telegram video circulated on May 31 showing a step‑by‑step cheat: the attacker connects via VPN near the target’s locale, requests a password reset, then chats with the AI assistant and commands it to attach a fresh email address. The bot dutifully sends a one‑time code to the new address, granting full control.

According to Reuters, the compromised handles were sold on underground markets for as much as ↑ $500,000 each.

“AI chatbots create a novel attack surface; we’ll see many more incidents,” said Ian Goldin, threat researcher at Lumen’s Black Lotus Labs.

Meta’s official response, posted by Andy Stone on X, confirmed an emergency patch was applied and no backend database breach occurred. The company urges users to enable the strongest multi‑factor authentication—passkeys or hardware security keys—to block similar tricks. Accounts protected by any MFA method reportedly resisted the exploit.

Experts warn that as platforms lean on conversational AI for account recovery, social‑engineering tactics will evolve, turning automated helpers into inadvertent accomplices.

Analysis by Kaelen Frost (Lead Cybersecurity Analyst).