Meta has since patched the exploit, but it’s yet another example of AI doing worse than humans.
Just over a week ago, Meta’s AI-powered chat assistant unwittingly gave hackers access to thousands of Instagram accounts, including high-profile accounts such as makeup retailer Sephora and the senior noncommissioned officer in the U.S. Space Force, as well as Barack Obama’s White House account.
The exact number was later revealed in a regulatory filing with the Maine Attorney General’s office. The total stands at 20,225 compromised accounts (including 30 Maine residents).
The hack, reported by 404 Media last week, was easy to carry out against account holders who did not have two-factor authentication enabled. The hackers simply asked the AI-powered bot to replace the email address of a targeted account with their own. Once this was granted, the hackers requested a password reset, prompting the AI to send a code to their personal email address. After the hackers verified the password reset, they were able to take control of the account.
A step-by-step video of the process even appeared on X, showing how hackers used a VPN to make it appear as if they were at the target location. At no point did the hackers need the user’s original email address or password.
In an incident notification letter to Maine Attorney General Aaron Frey dated June 5, Meta acknowledged “a vulnerability in the AI-assisted account recovery system for Instagram…that was exploited by unauthorized third parties to perform password resets on Instagram user accounts.”
After the exploit became public, many Instagram users reported on Reddit and X that their accounts had been hacked, although the extent of the hack was unclear at the time. A Meta spokesperson posted on X that the exploit was fixed on June 1, shortly after the first reports.
How did AI enable hacking?
The problem stems almost entirely from the fact that Meta’s customer support is now handled by AI. The tech giant made the change in March, saying it would allow “24/7 support for account issues such as updating your password and profile settings.”
But with the AI chatbot managing the entire process, there was no human in the loop to step in when suspicious activity began. This allowed hackers to run the same social engineering attack over and over before anyone noticed.
Affected accounts have been forcibly logged out and their original email addresses restored. Users were then prompted to reset their passwords and sign in again. Meta says that once accounts are secured, a second notice will be sent reminding users to enable two-factor authentication to prevent future attacks.
Meta has not yet responded to a request for comment.
How to protect yourself against similar attacks
The social engineering exploit had a major limitation: it did not work on accounts with multi-factor authentication enabled. With MFA on, completing the reset still required the code from the account holder’s authentication app of choice or the one delivered by SMS, which the attacker could not obtain. Without MFA, the one-time reset code went to whatever email address was on the account, and the attacker had just changed that address to one they controlled.
The best way to protect yourself is to enable multi-factor authentication, which is available on all Meta platforms. It will not protect you 100% of the time, but it is much better than a password by itself, and it would have fully protected against this particular exploit.
There are other things you can do to strengthen account security, including using passkeys where available and a private email address for account recovery, so that your account credentials are harder to find.
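The flow in the two passages above (the four-step takeover, and why MFA stops it) is easiest to see as a small state model. The following is an added example written for this article, not Meta’s code: it models a recovery bot that changes the contact email on request and sends the reset code there (the reported behaviour), a hardened variant that first challenges the address already on file, and the attacker’s four steps run against both. Class and function names, the inbox dictionary, and the MFA stand-in (a fixed secret the attacker never holds) are assumptions made for the illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed model of the account-recovery flow described in the article.
# Added illustration only; not Meta's code. Names and checks are assumptions.


@dataclass
class Account:
    username: str
    email: str
    password: str
    mfa_enabled: bool = False
    mfa_secret: str = ""  # stand-in for the authenticator-app / SMS channel


# Simulated inboxes: address -> list of one-time codes delivered there.
MAILBOX: Dict[str, List[str]] = {}


def deliver_code(address: str) -> str:
    """Generate a one-time code and 'deliver' it to the given inbox."""
    code = secrets.token_hex(3)
    MAILBOX.setdefault(address, []).append(code)
    return code


def second_factor_ok(acct: Account, mfa_code: Optional[str]) -> bool:
    """MFA gate shared by both flows; the attacker never holds mfa_secret."""
    return (not acct.mfa_enabled) or (mfa_code == acct.mfa_secret)


class VulnerableRecovery:
    """Reported bug: the assistant swaps the contact email on request without
    proving the requester owns the account, then mails the reset code there."""

    def __init__(self) -> None:
        self.reset_codes: Dict[str, str] = {}

    def change_email(self, acct: Account, new_email: str) -> None:
        acct.email = new_email  # no challenge to the existing address

    def request_reset(self, acct: Account) -> None:
        self.reset_codes[acct.username] = deliver_code(acct.email)

    def reset_password(self, acct: Account, code: str, new_password: str,
                       mfa_code: Optional[str] = None) -> bool:
        if self.reset_codes.get(acct.username) != code:
            return False
        if not second_factor_ok(acct, mfa_code):
            return False  # MFA still blocks the reset even in the buggy flow
        acct.password = new_password
        return True


class HardenedRecovery(VulnerableRecovery):
    """Fix: an email change must be confirmed with a code sent to the address
    already on file (plus the second factor, if enabled). Until confirmed,
    reset codes keep going to the old address."""

    def __init__(self) -> None:
        super().__init__()
        self.pending: Dict[str, Tuple[str, str]] = {}  # user -> (code, new_email)

    def change_email(self, acct: Account, new_email: str) -> None:
        code = deliver_code(acct.email)  # challenge goes to the CURRENT address
        self.pending[acct.username] = (code, new_email)

    def confirm_email_change(self, acct: Account, code: str,
                             mfa_code: Optional[str] = None) -> bool:
        expected, new_email = self.pending.get(acct.username, ("", ""))
        if not expected or code != expected or not second_factor_ok(acct, mfa_code):
            return False
        acct.email = new_email
        del self.pending[acct.username]
        return True


def attacker_takeover(flow: VulnerableRecovery, acct: Account, attacker_email: str) -> bool:
    """Replay the article's four steps using only the attacker's own inbox."""
    seen = len(MAILBOX.get(attacker_email, []))
    flow.change_email(acct, attacker_email)
    if isinstance(flow, HardenedRecovery):
        # The confirmation code went to the victim, so the attacker can only guess.
        flow.confirm_email_change(acct, "guess")
    flow.request_reset(acct)
    new_codes = MAILBOX.get(attacker_email, [])[seen:]
    if not new_codes:
        return False  # reset code never reached the attacker
    return flow.reset_password(acct, new_codes[-1], "attacker-chosen", mfa_code=None)


def run_scenarios() -> Dict[str, bool]:
    """True means the account was taken over in that configuration."""
    return {
        "vulnerable_no_mfa": attacker_takeover(
            VulnerableRecovery(), Account("victim", "victim@example.com", "pw"), "attacker@example.net"),
        "vulnerable_mfa": attacker_takeover(
            VulnerableRecovery(), Account("victim", "victim@example.com", "pw", True, "123456"), "attacker@example.net"),
        "hardened_no_mfa": attacker_takeover(
            HardenedRecovery(), Account("victim", "victim@example.com", "pw"), "attacker@example.net"),
    }


if __name__ == "__main__":
    for name, pwned in run_scenarios().items():
        print(f"{name}: {'account taken over' if pwned else 'blocked'}")
```

The design point is where the challenge goes: the vulnerable bot trusts the requester and mails the code to whatever address it was just told to set, so the attacker needs neither the victim’s password nor their original inbox. The hardened flow binds the change to something the attacker does not control (the existing inbox, or the second factor), which is the same property MFA adds on the reset step itself.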
Joe is a freelance journalist. It all started with a lifelong passion for building his own PCs, which he first did as a teenager, and writing about the subject online has become a lasting pleasure. He has written for CNET, PCMag, Mashable and SlashGear as a freelance writer and worked as a senior editor at Android Authority for 10 years. When he’s not writing about tech and science, he’s learning the ins and outs of home repair, gaming, playing bass, and posting on PC-building help and gaming subreddits. He firmly believes that orange juice should contain pulp.