- Meta patched a flaw in its AI support assistant that let attackers reset an Instagram account’s password by spoofing the victim’s location and asking the bot to add a new email.
- Over the weekend, attackers used it to hijack high-profile accounts — including an Obama-era White House handle and the US Space Force’s top enlisted leader — and deface them with pro-Iran propaganda.
- Meta says the issue is fixed and accounts are being secured; the flaw stemmed from giving a support chatbot the power to change account details.
Meta has fixed a flaw in its AI support assistant that let attackers take over Instagram accounts without a password. “We fixed an issue that allowed an external party to request password reset emails for some Instagram users,” Meta spokesperson Andy Stone said, adding there was “no breach” of Meta’s systems.
The method, as reported and not disputed by Meta: spoof the target’s location over a VPN, ask the Meta AI Support Assistant to add a new email to the account, and let the bot send a password-reset code to the attacker’s address.
The exploit worked because the assistant could change account contact details with no real check on who was asking. Over the weekend it was used in the wild — not by researchers filing a disclosure, but by attackers hitting live accounts. The hijacked handles included an Obama-era White House Instagram, US Space Force senior enlisted advisor John Bentivegna, the email app @hey, and Sephora — several of them defaced with imagery praising Qassem Soleimani. A group calling itself Handala Hack Team claimed responsibility. Stone said the issue “has been resolved and we are securing impacted accounts.”
This particular flaw sits in a broader pattern: companies are giving customer-support AI real account powers and treating the conversation itself as the security check. Philippine banks, telcos, and e-commerce apps have spent the past year replacing human support with chatbots built on the same architecture this attack exploited.
Meta attributed the takeovers to the support assistant’s account-change permissions rather than to any breach of its systems. That leaves open what other account actions the same assistant can take, and under what checks — the part Meta hasn’t detailed.
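To make the design point concrete, here is an added illustration (not Meta's code; the classes, field names and the reauthentication window are assumptions) that puts the weak check described above beside a policy that treats an email change as a sensitive action requiring the authenticated owner and recent step-up verification:

```python
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed, simplified model of a support assistant's "add email" tool call.
# All names and fields are assumptions for illustration, not Meta's implementation.

@dataclass
class Session:
    user_id: str           # who the platform believes is talking to the bot
    authenticated: bool    # logged in, or just an anonymous chat visitor
    last_reauth_ts: float  # when the user last passed a password/2FA challenge
    geo_country: str       # derived from the client IP; trivially changed with a VPN

@dataclass
class Account:
    owner_id: str
    home_country: str      # location on file for the account

REAUTH_WINDOW_S = 300      # assumed: step-up verification must be this recent

def weak_policy(session: Session, account: Account) -> bool:
    """The pattern the article describes: the conversation itself is the check.
    A location that matches the account is accepted as proof of ownership,
    so a spoofed country is enough to get a new email added."""
    return session.geo_country == account.home_country

def hardened_policy(session: Session, account: Account,
                    now: Optional[float] = None) -> Tuple[bool, str]:
    """Contact-detail changes are a sensitive action: the caller must be the
    logged-in owner and must have re-authenticated recently. Geolocation is at
    most a risk signal, never an identity proof. The reason string is meant to
    be logged so denied attempts are visible to detection."""
    now = time.time() if now is None else now
    if not session.authenticated:
        return False, "deny: unauthenticated session"
    if session.user_id != account.owner_id:
        return False, "deny: session does not belong to account owner"
    if now - session.last_reauth_ts > REAUTH_WINDOW_S:
        return False, "deny: step-up verification required"
    return True, "allow"

if __name__ == "__main__":
    victim = Account(owner_id="u-victim", home_country="US")
    # Constructed attacker session: anonymous chat visitor behind a US exit node.
    attacker = Session(user_id="anon", authenticated=False,
                       last_reauth_ts=0.0, geo_country="US")
    print("weak policy:", weak_policy(attacker, victim))
    print("hardened policy:", hardened_policy(attacker, victim, now=1000.0))
```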