Instagram Account Takeovers Exploit a Meta AI Flaw, No Access to the Original Email Needed

Instagram security has been drawn into the spotlight after a flaw in a Meta AI chatbot was allegedly used to hijack accounts. The incident is unusual because it did not rely on a traditional hacking method, but instead on Meta’s own AI support service.

Users first raised concerns on Reddit and X after they suddenly lost access to their accounts without seeing any obvious suspicious activity. Among the accounts reported as affected were the official White House account from the Barack Obama era, which has been inactive since 2017, the account of U.S. Space Force Chief Master Sergeant John Bentivegna, and cybersecurity researcher Jane Wong.

How the takeover reportedly worked

Investigation videos circulating online suggest attackers exploited a weakness in the Meta AI Support Assistant verification system. They were reportedly able to inject a new email address into a target account through a conversation with the chatbot.

The process appears to have been designed in stages to avoid detection. Attackers first used a VPN so their login location would not look unusual to Instagram’s automated protection systems.

They then opened a chat with Meta AI and asked for help adding a new email address to the victim’s account. At that point, the chatbot sent a verification code to the new email address supplied by the attacker.

Once that code was entered back into the chat, the Meta AI system reportedly displayed a password reset option right away. From there, the attacker could change the password and take over the Instagram account without ever needing access to the original email connected to the account.
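The logic flaw described above, modelled as an added example (this is not Meta's code; the class names, request fields, addresses and the 72-hour cool-down are all assumptions). The flawed handler treats control of a requester-supplied address as proof of account ownership, while the hardened one also requires an authenticated session or a code sent to an address already on file.

```python
from dataclasses import dataclass, field

RESET_COOLDOWN = 72 * 3600  # assumed policy: seconds before a new address may receive resets

@dataclass
class Account:
    emails: dict = field(default_factory=dict)  # address -> time it was added (epoch seconds)

@dataclass
class SupportRequest:  # hypothetical shape of an "add my email" support request
    new_email: str
    code_ok_new: bool               # requester entered the code sent to the NEW address
    code_ok_existing: bool = False  # requester entered a code sent to an address on file
    authenticated: bool = False     # requester holds a logged-in session for the account

def flawed_add_email(acct, req, now):
    # Pattern the article describes: the only proof is a code sent to an
    # address the requester chose, which says nothing about account ownership.
    if req.code_ok_new:
        acct.emails[req.new_email] = now
        return True
    return False

def hardened_add_email(acct, req, now):
    # Control of the new address is necessary but not sufficient: the requester
    # must also prove a prior relationship with the account.
    owner_proof = req.authenticated or req.code_ok_existing
    if req.code_ok_new and owner_proof:
        acct.emails[req.new_email] = now
        return True
    return False

def reset_targets(acct, now, cooldown=RESET_COOLDOWN):
    # Second layer: a freshly added address cannot receive a reset until it has aged.
    return sorted(a for a, added in acct.emails.items() if now - added >= cooldown)

def demo():
    now = 1_000_000  # constructed timestamps and addresses
    stranger = SupportRequest("new@attacker.example", code_ok_new=True)
    owner = SupportRequest("new@owner.example", code_ok_new=True, code_ok_existing=True)
    a, b, c = (Account({"old@owner.example": 0}) for _ in range(3))
    return {
        "flawed_accepts_stranger": flawed_add_email(a, stranger, now),
        "hardened_accepts_stranger": hardened_add_email(b, stranger, now),
        "hardened_accepts_owner": hardened_add_email(c, owner, now),
        "reset_targets_right_after": reset_targets(c, now + 60),
        "reset_targets_after_cooldown": reset_targets(c, now + RESET_COOLDOWN),
    }
```

The cool-down in `reset_targets` is a separate control: even when a contact change is approved, the original address stays the only reset destination long enough for the owner to see the change notification.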

Victims noticed the signs late

Jane Wong said her password changed without her knowledge. She also kept receiving password reset attempt notifications throughout the previous day.

That pattern suggests the attack did not always begin with a clear warning sign that ordinary users would easily recognize. An account could appear normal until access is completely lost.

The cases also show that the targets were not limited to ordinary users. Public figures and security experts were also among the reported targets, which widened concern about the possible reach of the flaw.

Meta says the issue has been fixed

In response to the issue, Instagram spokesperson Andy Stone said Meta’s technical team moved quickly. He stated that the problem in the chatbot system has now been fully corrected and that the same flaw can no longer be used.

Meta has not disclosed the total losses tied to the incident. The company has also not explained how many Instagram users were affected by the AI-based exploit.

The case serves as a reminder that AI systems can still contain weaknesses that may be abused. For users, it underscores the importance of watching for any account access changes, especially when password reset alerts appear without a request from the account owner.

Source: www.gadgetdiva.id
