AI Support Bot Let Hackers Take Over Instagram Accounts

Meta’s AI Instagram support bot changed recovery emails during chats, letting attackers take over accounts including the Obama White House, Sephora and a senior Space Force official before a patch.

Meta’s AI-powered Instagram support assistant was able to change account recovery emails during support chats, allowing attackers to take control of multiple accounts over the past few months. Targets included the Obama White House’s dormant Instagram, retail brand Sephora, a senior U.S. Space Force official and security researcher Jane Manchun Wong. Meta applied an emergency patch over the weekend.

Attackers opened support chats claiming they were locked out of accounts they did not own, then used virtual private networks to match the account’s geographic region. They began standard password resets and asked the AI assistant to change the account’s recovery email. The assistant accepted the requests and sent one-time codes to the attackers’ inboxes, giving them access to the accounts. The assistant was connected to Meta’s account-management systems with permission to make changes but lacked sufficient checks to confirm that the requester was the account owner, a security condition experts call a “confused deputy.” Several hijacked profiles were briefly defaced with pro-Iranian imagery before access was restored.

When extra verification was triggered, some attackers reportedly used deepfake videos generated from images scraped from Instagram to satisfy identity prompts. Security researchers also reported a separate technique using an Android emulator and a modified Instagram client to send prompts with hidden characters designed to influence the assistant’s responses.

Meta has not disclosed how many accounts were affected. Meta communications executive Andy Stone posted on X that “the issue was fixed and impacted accounts were being secured.” The company changed the assistant’s permissions and behavior as part of the emergency response.

Financial gain was the apparent motive in many incidents. Attackers extorted businesses dependent on Instagram for marketing and targeted short, desirable usernames known as “OG” handles that can be sold on underground markets. Security analysis found the automated support attack failed against accounts that had two-factor authentication enabled, including those using SMS codes.
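The confused-deputy condition described above, and the reason two-factor accounts resisted the attack, as an added illustration that is not Meta's code: a support tool that acts under the assistant's own broad permissions beside one that authorizes on the requester's verified identity and honors the account's two-factor setting. The Account, Requester and AccountDirectory types and the sample handles are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

class AuthorizationError(Exception):
    pass

@dataclass
class Account:
    handle: str
    recovery_email: str
    two_factor_enabled: bool = False

@dataclass
class Requester:
    # Handle the support session was actually authenticated as; None models
    # an unverified chat claimant (constructed model, not Meta's).
    authenticated_handle: Optional[str] = None

class AccountDirectory:
    def __init__(self, accounts):
        self.accounts = {a.handle: a for a in accounts}
        self.audit_log = []

    def change_recovery_email_vulnerable(self, claimed_handle, new_email):
        # Confused deputy: the tool runs with the assistant's own broad
        # permissions and trusts whatever handle the chat claims to own.
        self.accounts[claimed_handle].recovery_email = new_email
        return True

    def change_recovery_email_hardened(self, requester, target_handle,
                                       new_email, second_factor_ok=False):
        # Authorize on the requester's verified identity, not the bot's.
        acct = self.accounts.get(target_handle)
        if acct is None or requester.authenticated_handle != target_handle:
            self.audit_log.append(("denied", target_handle, "not verified owner"))
            raise AuthorizationError("requester is not the verified account owner")
        # Accounts with 2FA also need a second factor before recovery changes.
        if acct.two_factor_enabled and not second_factor_ok:
            self.audit_log.append(("denied", target_handle, "second factor required"))
            raise AuthorizationError("second factor required for recovery changes")
        acct.recovery_email = new_email
        self.audit_log.append(("changed", target_handle, new_email))
        return True

def build_directory():
    # Constructed sample accounts, not real Instagram data.
    return AccountDirectory([
        Account("brand_no2fa", "owner@example.com"),
        Account("official_2fa", "official@example.com", two_factor_enabled=True),
    ])
```

The audit log makes denied attempts visible to a detection pipeline, which the vulnerable path never records.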

Instagram users are advised to enable two-factor authentication in Settings and the Meta Accounts Center; an authenticator app is recommended over SMS when available. Security specialists described the incident as an example of a broader problem when automated agents with authority are tricked into acting on behalf of imposters.
