Meta AI Support Chatbot Flaw Enables Instant Instagram Account Takeovers
What Happened – Attackers exploited a design flaw in Meta’s AI‑powered Instagram support chatbot to reset passwords and hijack accounts in seconds, without any technical skill. The bot incorrectly sent verification codes to attacker‑controlled email addresses, allowing full account control.
Why It Matters for TPRM –
- Demonstrates how AI‑driven support services can become a supply‑chain attack vector for third‑party platforms.
- Highlights the risk of credential compromise for brands that rely on social‑media channels for marketing and customer engagement.
- Shows that a single misconfiguration can affect thousands of accounts, including high‑profile corporate and public‑figure profiles.
Who Is Affected – Social‑media platforms (Instagram), brands using Instagram for marketing (e.g., Sephora), public‑figure accounts, and any organization that outsources customer support to AI chatbots.
Recommended Actions –
- Review contracts with Meta‑owned services for AI‑support guarantees and incident‑response clauses.
- Require proof of secure verification flows for any password‑reset or account‑recovery APIs.
- Conduct a rapid audit of all third‑party social‑media accounts for unauthorized changes and enforce multi‑factor authentication.
Technical Notes – The vulnerability allowed the chatbot to link a targeted Instagram account to an attacker‑controlled email address, then deliver the eight‑digit reset code to that email. Exploitation required only a VPN to appear in the target’s region and a simple chat prompt. The flaw existed from the launch of the AI support feature in March 2024 and was patched after public disclosure, though reports suggest continued exploitation. Source: Fortra Blog
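As an added illustration (not code from the report, from Fortra or from Meta), the following Python model contrasts a recovery flow with the reported weakness, where a support request binds a caller‑supplied email and a reset code is then delivered to it, against a hardened flow in which a new address is approved only through an already‑verified channel and reset codes are never sent to unverified addresses. The Account and Outbox classes, the function names and the sample addresses are all hypothetical.

```python
import secrets
from dataclasses import dataclass, field


def new_code() -> str:
    return f"{secrets.randbelow(10**8):08d}"  # eight-digit code, as in the report


@dataclass
class Account:
    username: str
    verified_emails: set = field(default_factory=set)  # channels that proved ownership
    pending_links: dict = field(default_factory=dict)  # new_email -> approval code
    reset_codes: dict = field(default_factory=dict)    # email -> outstanding reset code


class Outbox:
    """Constructed stand-in for the mail gateway; records (recipient, kind, code)."""
    def __init__(self):
        self.sent = []

    def send(self, to, kind, code):
        self.sent.append((to, kind, code))


def flawed_support_link(acct, email):
    """Models the reported flaw: binds a caller-supplied address with no proof of ownership."""
    acct.verified_emails.add(email)


def hardened_support_link(acct, new_email, outbox):
    """Hardened: the approval code goes only to the existing verified channel."""
    if not acct.verified_emails:
        return False  # no trusted channel: escalate to manual identity checks (not modelled)
    code = new_code()
    acct.pending_links[new_email] = code
    for owner_email in acct.verified_emails:
        outbox.send(owner_email, "approve-link", code)
    return True


def approve_link(acct, new_email, code):
    """Binds new_email only when the code delivered to the owner's channel is presented."""
    expected = acct.pending_links.get(new_email, "")
    if expected and secrets.compare_digest(expected, code):
        del acct.pending_links[new_email]
        acct.verified_emails.add(new_email)
        return True
    return False


def request_reset(acct, email, outbox):
    """Reset codes leave only for channels that have proven ownership."""
    if email not in acct.verified_emails:
        return False
    code = new_code()
    acct.reset_codes[email] = code
    outbox.send(email, "reset", code)
    return True


def demo():
    owner, other = "owner@example.com", "other@example.com"  # constructed sample addresses
    flawed, out1 = Account("brand", {owner}), Outbox()
    flawed_support_link(flawed, other)
    leaked = request_reset(flawed, other, out1)  # True: code went to the unverified address
    hardened, out2 = Account("brand", {owner}), Outbox()
    hardened_support_link(hardened, other, out2)
    blocked = not request_reset(hardened, other, out2)  # True: nothing sent to unapproved address
    return leaked, blocked, [m[0] for m in out2.sent]
```

Run `demo()` to see that the flawed flow delivers a reset code to the unapproved address while the hardened flow only ever mails the owner's verified channel.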