HACKERS HIT INSTAGRAM BY FOOLING META’S OWN AI CHATBOT — SOCIAL ENGINEERING JUST GOT AN AUTOMATED UPGRADE
Security researchers and victims documented a new attack method in early June where hackers successfully hijacked Instagram accounts by tricking Meta’s AI support chatbot into granting account access to unauthorized users. The technique follows the classic social engineering playbook, presenting false pretenses to a support agent, but replaces the human agent with an AI system that can be manipulated through carefully crafted prompts. The AI chatbot, which Meta built to handle support requests at scale, was convinced through the interaction to take actions it was not authorized to take, effectively bypassing the account security controls Meta had put in place. This is a preview of a problem the entire industry will face as AI agents are given more authority to act on behalf of companies and users. An AI that can send emails, approve account changes, or process requests becomes a target the moment it is deployed. Social engineering, which historically required a skilled human attacker to spend time building rapport with a human target, can now be partially automated against an AI target that processes thousands of requests per day. The attack surface is enormous. Meta has not publicly commented on the specific vulnerability or whether it has been patched. The incident is a direct warning to every company rushing to deploy AI agents in customer-facing roles.
Keywords: Meta AI chatbot hack, Instagram account hijack, AI social engineering, AI security vulnerability, Meta AI support chatbot