BREACH BRIEF · High

Hackers Exploit Meta AI Support Chatbot to Hijack Instagram Accounts

Attackers used Meta’s AI support assistant to add a malicious email address to victims’ Instagram profiles, captured the verification code, and forced a password reset, resulting in account takeover. The incident underscores the risk that LLM‑driven support bots can be abused for credential compromise, affecting both users and enterprises that depend on the platform.

LiveThreat™ Intelligence · June 05, 2026 · schneier.com

Severity: High
Type: Breach
Confidence: High
Affected: 2 sector(s)
Actions: 4 recommended
Source: schneier.com

What Happened — Attackers used Meta’s AI‑powered support assistant to add a malicious email address to a victim’s Instagram profile, captured the verification code, and forced a password reset, thereby taking full control of the account. Meta confirmed the specific abuse vector has been patched, but the incident highlights broader risks of LLM‑driven support bots.

Why It Matters for TPRM

  • Third‑party SaaS platforms that expose LLM chat interfaces can become indirect credential‑reset vectors.
  • Account takeover of a social‑media service can lead to brand impersonation, data leakage, and phishing campaigns targeting your organization’s employees or customers.
  • The technique bypasses traditional IP‑based fraud detection by spoofing location via VPN, undermining existing security controls.

Who Is Affected — Social‑media platforms (e.g., Instagram, Facebook), their users, and any enterprises that rely on these services for marketing, brand presence, or employee communication.

Recommended Actions

  • Review contracts with social‑media SaaS providers for AI‑driven support functionalities and require assurance of secure account‑recovery flows.
  • Enforce multi‑factor authentication (MFA) for all privileged and high‑risk accounts, and consider hardware‑based tokens.
  • Monitor for anomalous password‑reset requests originating from AI chat sessions or VPN‑masked IP ranges.
  • Conduct a risk assessment of LLM‑based support bots used by your vendors and demand remediation timelines.

Technical Notes — The attack vector used Meta’s AI support assistant to request the addition of an email address, capture the verification code sent to the attacker‑controlled address, and trigger the “Reset Password” button. The exploit relied on VPN‑based geolocation spoofing to evade Instagram’s automated protection. There is no public CVE; mitigation involved disabling the email‑add flow via the bot and tightening the verification logic. Source: Schneier on Security
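The chain in the Technical Notes (recovery email added through the support assistant, then a prompt password reset from a VPN‑masked location) is also what the "Monitor for anomalous password‑reset requests" action above asks defenders to look for. The detection below is an added example written for this brief; it is not code from Meta, Instagram or Schneier on Security. The JSON log schema, the `ai_support` channel label, the 30‑minute window and the per‑account home‑country baseline are all assumptions, and the log lines are constructed.

```python
"""Flag recovery-flow abuse chains in account-activity logs.

Added example for this brief (not Meta's or Instagram's code). It scores each
recovery-email change by three signals the brief describes from the attacker's
side: the change came through the AI support channel, a password reset followed
within a short window, and that reset came from a country other than the one
the account normally signs in from. Schema, labels and thresholds are assumed.
"""
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed thresholds and labels.
RESET_WINDOW = timedelta(minutes=30)   # a reset this soon after a contact change is suspicious
AI_CHANNELS = {"ai_support"}           # channel label we assume the support assistant would carry

# Constructed sample log lines (one JSON object per line), not real telemetry.
SAMPLE_LOGS = [
    '{"ts":"2026-06-01T10:00:00","account":"brand_acct","action":"login","channel":"app","ip_country":"US"}',
    '{"ts":"2026-06-01T10:05:00","account":"brand_acct","action":"recovery_email_added","channel":"ai_support","ip_country":"DE"}',
    '{"ts":"2026-06-01T10:07:00","account":"brand_acct","action":"password_reset","channel":"web","ip_country":"DE"}',
    '{"ts":"2026-06-01T11:00:00","account":"alice","action":"recovery_email_added","channel":"app","ip_country":"US"}',
    '{"ts":"2026-06-02T09:00:00","account":"alice","action":"password_reset","channel":"web","ip_country":"US"}',
]

# Constructed baseline: the country each account normally signs in from.
HOME_COUNTRY = {"brand_acct": "US", "alice": "US"}


@dataclass
class Alert:
    account: str
    severity: str
    reasons: list = field(default_factory=list)


def parse_event(line):
    """Parse one JSON log line and convert its timestamp to a datetime."""
    ev = json.loads(line)
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, home_country):
    """Return one Alert per suspicious recovery-email change.

    medium: email added via the AI support channel
    high:   a password reset followed within RESET_WINDOW (geo mismatch noted)
    """
    events = sorted(map(parse_event, lines), key=lambda e: e["ts"])
    by_account = {}
    for ev in events:
        by_account.setdefault(ev["account"], []).append(ev)

    alerts = []
    for account, evs in by_account.items():
        for add in (e for e in evs if e["action"] == "recovery_email_added"):
            reasons, severity = [], None
            if add["channel"] in AI_CHANNELS:
                reasons.append("recovery email added through the AI support channel")
                severity = "medium"
            for reset in evs:
                if reset["action"] != "password_reset":
                    continue
                delta = reset["ts"] - add["ts"]
                if timedelta(0) <= delta <= RESET_WINDOW:
                    minutes = int(delta.total_seconds() // 60)
                    reasons.append(f"password reset {minutes} min after the email change")
                    severity = "high"
                    home = home_country.get(account)
                    if home and reset["ip_country"] != home:
                        reasons.append(
                            f"reset came from {reset['ip_country']} but the account "
                            f"usually signs in from {home}"
                        )
            if reasons:
                alerts.append(Alert(account, severity, reasons))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS, HOME_COUNTRY):
        print(f"[{alert.severity}] {alert.account}")
        for reason in alert.reasons:
            print(f"  - {reason}")
```

Run against the constructed lines, only `brand_acct` is flagged (high, three reasons); `alice` changed her recovery email from the app and reset her password a day later from her usual country, so she produces nothing. In production the home‑country baseline would come from the identity provider's sign‑in history rather than a static dictionary, and the `ai_support` channel tag has to be emitted by the support bot itself, which is the instrumentation gap to raise with the vendor.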

Original Source
https://www.schneier.com/blog/archives/2026/06/hacking-metas-ai-chatbot.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.