Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access
Quick Answer
Hackers exploited vulnerabilities in Meta's AI support chatbot to hijack multiple Instagram accounts over the weekend.
Quick Take
Hackers exploited vulnerabilities in Meta's AI support chatbot to hijack multiple Instagram accounts over the weekend. Users reported unauthorized access, raising concerns about the security measures in place for account recovery processes.
Key Points
- Multiple users reported Instagram account hacks over the weekend.
- Meta's AI support chatbot is implicated in the security breach.
- Unauthorized access to accounts has raised significant security concerns.
- The incident highlights vulnerabilities in account recovery processes.
📖 Reader Mode
~3 min read
Instagram has resolved a security issue that allowed several users’ accounts to get hacked. The attack appeared to rely on tricking Meta’s own AI-powered support chatbot into granting access to a victim’s account.
Over the weekend, several users on Reddit claimed that their Instagram accounts had been compromised, and a number of users on X warned of similar account hijackings. The compromised accounts include the Instagram handle for the Obama-era White House, which appears to have been inactive since 2017; and the account of the U.S. Space Force’s chief master sergeant John Bentivegna.
Security researcher Jane Wong said her Instagram account was also taken over.
“The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” said Wong. “Quite concerning.”
A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account.
Contact Us
Do you have more information about these Instagram hacks? Or other flaws affecting Instagram? We’d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
TechCrunch was able to verify that the hacker’s public email mailbox, which was displayed in the video, effectively received the verification code.
The attack relied on the fact that at no point the hacker had to take over the legitimate email address linked to the victims’ Instagram account.
On Monday, Instagram spokesperson Andy Stone said in a reply to Wong’s post and others that the issue was now fixed. It’s unclear how many Instagram users had their accounts improperly accessed.
Meta did not immediately respond to TechCrunch’s request for comment.
Topics
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.
You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.
— Originally published at techcrunch.com
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from TechCrunch
See more →
OpenAI launches its new family of models with GPT-5.6
OpenAI has launched GPT-5.6, featuring three models: Sol, Terra, and Luna, with Sol being 54% more token efficient for coding tasks. The models excel in cybersecurity and enterprise applications, outperforming competitors like Anthropic's Fable in benchmarks. Pricing starts at $1 for Luna and goes up to $30 for Sol per million tokens.

