Meta AI support bot hijacked to reset Instagram passwords

Attackers asked Meta's AI Support Assistant to add an email to a target account, received the reset code themselves, and completed a password reset — no credentials, phishing, or malware. Accounts with MFA were unaffected.

Over the weekend of May 31–June 1, attackers hijacked high-profile Instagram accounts by social-engineering Meta’s own AI Support Assistant instead of the user. The attacker connected through a VPN to match the target’s location, then asked the bot to add an email they controlled to the account. The bot emailed a reset code to that address and showed a password-reset option, and the takeover went through without the victim’s real email, a phishing lure, or malware. Confirmed victims include the dormant Obama-era White House account, U.S. Space Force CMSgt John Bentivegna, and researcher Jane Wong, alongside high-value short usernames flipped via Telegram. Meta fixed the issue within a day, and accounts with any MFA, including SMS, were not vulnerable. Not a model jailbreak so much as an authorization gap: an LLM agent with write access to account recovery and no check on who was allowed to ask.
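The last sentence is the design lesson, and it is easier to see in code than in prose. The block below is an added illustration written for this page, not Meta's code and not a description of how the Support Assistant is built; the account ids, e-mail addresses, tool names and policy table are hypothetical. It shows a minimal tool gateway for an LLM support agent in two shapes: the weak one, where the model's tool arguments alone name the account and the code is mailed to the address being added, and a hardened one, where the gateway (not the model) binds every account-mutating tool to the principal the session actually authenticated, requires a recent step-up, and sends confirmations to the contact already on file.

```python
# Added example: an LLM-agent tool gateway with and without an authorization check.
# Not Meta's code; all identifiers, addresses and tool names are hypothetical.
from dataclasses import dataclass, field
from typing import Optional


class AuthorizationError(Exception):
    """Raised by the gateway when a tool call is denied."""


@dataclass
class Account:
    account_id: str
    primary_email: str                          # verified contact already on file
    outbox: list = field(default_factory=list)  # (recipient, message) pairs, kept for inspection


@dataclass
class Session:
    principal: Optional[str]      # account id the caller proved control of at login; None if anonymous
    step_up_done: bool = False    # re-authenticated recently (password, passkey or MFA prompt)


def sample_accounts() -> dict:
    """Constructed sample data (hypothetical account id and address)."""
    return {"acct-1": Account("acct-1", "owner@example.com")}


def weak_add_recovery_email(accounts: dict, account_id: str, new_email: str) -> str:
    """The vulnerable shape: the account id comes straight from the model's tool
    arguments, nothing ties it to who is chatting, and the code is mailed to the
    address being added, i.e. to whoever asked."""
    accounts[account_id].outbox.append((new_email, "reset code: 000000"))
    return "code sent"


# Policy table consulted by the gateway, never by the model.
POLICY = {
    "get_help_article":   {"owner": False, "step_up": False},  # read-only, anyone may call it
    "add_recovery_email": {"owner": True,  "step_up": True},   # mutates recovery state
}


def authorize(session: Session, tool: str, account_id: Optional[str]) -> None:
    """Deny unless the session satisfies the policy row for this tool."""
    rule = POLICY.get(tool)
    if rule is None:
        raise AuthorizationError(f"unknown tool {tool!r}")
    if rule["owner"]:
        if session.principal is None:
            raise AuthorizationError("anonymous session may not modify an account")
        if account_id != session.principal:
            raise AuthorizationError("target account is not the authenticated principal")
    if rule["step_up"] and not session.step_up_done:
        raise AuthorizationError("recent re-authentication required")


def handle_tool_call(accounts: dict, session: Session, tool: str, args: dict) -> str:
    """Gateway entry point for every tool the agent may invoke."""
    account_id = args.get("account_id")
    authorize(session, tool, account_id)   # a denial raises before any side effect
    if tool == "get_help_article":
        return f"article: {args.get('topic', 'general')}"
    acct = accounts[account_id]
    # Confirmation goes to the contact already on file, never to the new address.
    acct.outbox.append((acct.primary_email, f"confirm adding {args['email']} as a recovery email"))
    return "confirmation sent to existing contact"


def safe_call(accounts: dict, session: Session, tool: str, args: dict) -> str:
    """Wrapper that returns a string in both outcomes, convenient for audit logging."""
    try:
        return handle_tool_call(accounts, session, tool, args)
    except AuthorizationError as e:
        return f"denied: {e}"


if __name__ == "__main__":
    accts = sample_accounts()
    stranger = Session(principal=None)
    owner = Session(principal="acct-1", step_up_done=True)
    req = {"account_id": "acct-1", "email": "new@example.net"}
    print(weak_add_recovery_email(accts, "acct-1", "new@example.net"), accts["acct-1"].outbox[-1])
    print(safe_call(accts, stranger, "add_recovery_email", req))
    print(safe_call(accts, owner, "add_recovery_email", req), accts["acct-1"].outbox[-1])
```

The point of the policy table is that the model is treated as an untrusted caller: it may propose a tool call, but whether the call runs depends on what the session has proven, and nothing in the prompt can change that. For a detection angle, the `denied:` strings from `safe_call` are exactly the events worth logging and alerting on, since a run of cross-account denials against one account id is the signal this incident would have produced.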