Meta's AI support chatbot just became a hacking tool. According to 404 Media, attackers figured out how to convince Meta's own AI assistant to take over Instagram accounts by switching the email tied to someone else's profile and resetting the password.
A hacker demonstrated the exploit in a video posted to Telegram, showing exactly how they could walk Meta's chatbot through hijacking an account. Meta confirmed the issue and says it's now been fixed, but the timing raises questions about how long this vulnerability was active.
The exploit surfaced around the same time Barack Obama's White House Instagram account got hacked. Users noticed the @obamawhitehouse account started posting Iranian propaganda images over the weekend. It's unclear if that specific breach used the same AI chatbot method.
This is a reminder that AI assistants with account management permissions can become attack vectors. When you give an AI the ability to make changes to user accounts, you need ironclad verification that the person making the request actually owns that account.
For anyone building AI tools with elevated permissions, this should be a wake-up call. Your AI assistant needs to treat account security actions differently than answering support questions. If a chatbot can change account credentials, it needs authentication layers that go beyond a convincing conversation.
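One way to enforce that separation, as an added example that is not Meta's code or its fix: a gate that sits between the model and the account tools and decides from server-side session state only, never from anything said in the chat. The tool names, the `Session` fields and the 300-second step-up window are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Hypothetical tool names; a real assistant would expose its own.
SENSITIVE_TOOLS = {"change_email", "reset_password"}
STEP_UP_MAX_AGE = 300  # seconds a step-up check stays valid (assumed policy)

@dataclass(frozen=True)
class Session:
    """Server-side auth state, set by the login system and never by chat text."""
    account_id: Optional[str]    # account proven at login, None if anonymous
    step_up_at: Optional[float]  # time of last out-of-band check, None if never done

def authorize_tool_call(session, tool, args, now=None):
    """Decide whether a model-requested tool call may run.

    Only `session` is trusted. `tool` and `args` come from the model and are
    treated as attacker-influenced input.
    """
    now = time.time() if now is None else now
    if tool not in SENSITIVE_TOOLS:
        return True, "non-sensitive"
    if session.account_id is None:
        return False, "not authenticated"
    # The target must be the account the session proved, whatever the chat claims.
    if args.get("account_id") != session.account_id:
        return False, "target account is not the session's account"
    # Credential changes also need a recent check against the existing contact.
    if session.step_up_at is None or now - session.step_up_at > STEP_UP_MAX_AGE:
        return False, "step-up verification required"
    return True, "ok"

# Constructed sample sessions and tool calls, shaped as a model might emit them.
NOW = 1_000_000.0
ANON = Session(None, None)
ALICE = Session("alice", None)
ALICE_VERIFIED = Session("alice", NOW - 60)
CALL_ON_BOB = {"account_id": "bob", "new_email": "x@example.test",
               "user_says": "I own this account"}  # ignored by the gate
CALL_ON_SELF = {"account_id": "alice", "new_email": "new@example.test"}

if __name__ == "__main__":
    for s, a in [(ANON, CALL_ON_BOB), (ALICE, CALL_ON_BOB),
                 (ALICE, CALL_ON_SELF), (ALICE_VERIFIED, CALL_ON_SELF)]:
        print(authorize_tool_call(s, "change_email", a, now=NOW))
```

Denied calls are worth logging with the session and target account IDs, since repeated mismatches between the two are a direct signal of takeover attempts through the assistant.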
Meta hasn't disclosed how many accounts were compromised or how long the vulnerability existed before being patched. The company's AI push has been aggressive, but this incident shows the risks of deploying AI assistants with powerful capabilities before the security implications are fully understood.