The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords.

A screenshot from a video released on Telegram claiming to show how Meta’s AI customer support bot could be tricked into resetting a target’s password.
On May 31, word began to spread on several Telegram instant message channels that Meta’s AI bot would happily add a new, attacker-supplied email address to an existing account as part of the bot’s standard password reset flow.
A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved three steps: connecting through a VPN with an IP address in or near the target’s usual hometown, requesting a password reset for the account, and then choosing to chat with Meta’s AI support assistant. From there, the video shows the attacker telling the bot to link the account in question to a new email address, after which the bot dutifully sent that address a one-time code that allowed a password reset. Nothing in the video suggests the attacker had to prove control of any email address or phone number already on the account.
The Telegram account that posted the video also linked to screenshots of pro-Iran images, videos and messages that defaced the hacked Instagram accounts, saying hackers had used the exploit to hijack a number of valuable (read: short) Instagram account names that allegedly have a resale value of more than a half million dollars.
Meta has not responded to requests for comment on the video’s claims, but Meta’s Andy Stone said on Twitter/X that the issue had been resolved and that the company was securing impacted accounts. The security blog thecybersecguru.com reports that Meta pushed an emergency patch over the weekend, and clarified that no back-end database was breached.
“Instagram has notoriously poor human support infrastructure,” Cybersecguru wrote. “Recovering a locked account – especially a high-value one can take weeks of back-and-forth with an automated ticketing system. Meta’s solution was to deploy a conversational AI layer to handle common recovery workflows: relinking a lost email address, triggering a password reset, verifying account ownership. The assistant, presumably, was supposed to reduce friction for legitimate users stuck in account-access hell.”
Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, said we’re entering uncharted security territory as more large online platforms allow AI chatbots to handle sensitive account recovery requests. Just as human customer support employees can be social-engineered into granting unauthorized access to someone’s account, AI bots are equally eager to help and vulnerable to persuasion and trickery, he said.
“AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks,” Goldin said.
Securing your various online accounts means taking full advantage of the most secure form of multi-factor authentication (MFA) offered (such as a passkey or security key). In this case, even the least robust form of MFA that Instagram offers, a one-time code sent via SMS, likely would have blocked the exploit: the hackers who released the video on Telegram said their exploit failed to work against any account that had MFA enabled. That is consistent with the flaw being confined to the bot’s authority to add recovery contacts, not a bypass of the second factor itself.
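The flow described in the video, and the reason MFA stopped it, can be modeled in a few lines. The following is an added, hypothetical example and not Meta’s code: the account model, the three “tools” (link an email, send a reset code, reset the password) and their behavior are assumptions chosen to mirror the reporting above. The vulnerable service lets the support assistant add any address and immediately treat it as a trusted recovery destination; the hardened service keeps the same tool surface but refuses to link a new address until the caller proves control of one that is already verified.

```python
# Added example (hypothetical; not Meta's code). Models a support assistant's
# account-recovery tools in the shape the Telegram video describes.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set
import secrets


@dataclass
class Account:
    username: str
    recovery_emails: Set[str]          # addresses already proven to belong to the owner
    mfa_enabled: bool = False
    pending_codes: Dict[str, str] = field(default_factory=dict)  # email -> one-time code
    password: str = "original-password"


class VulnerableRecovery:
    """Tools the assistant may call. The flaw: link_email trusts whoever is chatting."""

    def __init__(self, account: Account):
        self.account = account

    def link_email(self, email: str, proof_email: str = "", proof_code: str = "") -> bool:
        # BUG: no proof of ownership is demanded; the new address becomes a
        # trusted recovery destination simply because the caller asked.
        self.account.recovery_emails.add(email)
        return True

    def send_reset_code(self, email: str) -> Optional[str]:
        # The support channel never resets MFA-protected accounts; those go
        # through the factor-gated flow (not modeled here). This matches the
        # attackers' own report that MFA-enabled accounts were unaffected.
        if self.account.mfa_enabled or email not in self.account.recovery_emails:
            return None
        code = secrets.token_hex(4)
        self.account.pending_codes[email] = code
        return code  # stands in for "emailed to that address"

    def reset_password(self, email: str, code: str, new_password: str) -> bool:
        expected = self.account.pending_codes.pop(email, "")
        if not secrets.compare_digest(expected, code):
            return False
        self.account.password = new_password
        return True


class HardenedRecovery(VulnerableRecovery):
    """Same tool surface; linking an address now requires proof via an existing one."""

    def link_email(self, email: str, proof_email: str = "", proof_code: str = "") -> bool:
        # The assistant (human or AI) has no authority to skip this check: the
        # caller must first receive a code at an address already on the account.
        if proof_email not in self.account.recovery_emails:
            return False
        expected = self.account.pending_codes.pop(proof_email, "")
        if not secrets.compare_digest(expected, proof_code):
            return False
        self.account.recovery_emails.add(email)
        return True


def telegram_video_attack(recovery: VulnerableRecovery, attacker_email: str) -> bool:
    """Replays the video's flow: link a new address, get the code there, reset. True on takeover."""
    if not recovery.link_email(attacker_email):
        return False
    code = recovery.send_reset_code(attacker_email)
    if code is None:
        return False
    return recovery.reset_password(attacker_email, code, "attacker-chosen")


def legitimate_email_change(recovery: HardenedRecovery, old_email: str, new_email: str) -> bool:
    """The hardened flow still serves the real owner: prove the old address first."""
    proof = recovery.send_reset_code(old_email)
    if proof is None:
        return False
    return recovery.link_email(new_email, proof_email=old_email, proof_code=proof)


def demo() -> Dict[str, bool]:
    # Constructed sample accounts; the usernames and addresses are placeholders.
    results = {}
    results["vulnerable_no_mfa"] = telegram_video_attack(
        VulnerableRecovery(Account("victim_example", {"owner@example.org"})), "attacker@example.net")
    results["vulnerable_mfa"] = telegram_video_attack(
        VulnerableRecovery(Account("victim_example", {"owner@example.org"}, mfa_enabled=True)),
        "attacker@example.net")
    results["hardened_no_mfa"] = telegram_video_attack(
        HardenedRecovery(Account("victim_example", {"owner@example.org"})), "attacker@example.net")
    results["hardened_owner_change"] = legitimate_email_change(
        HardenedRecovery(Account("victim_example", {"owner@example.org"})),
        "owner@example.org", "new-owner@example.org")
    return results


if __name__ == "__main__":
    for name, taken_over in demo().items():
        print(f"{name}: {'success' if taken_over else 'blocked'}")
```

The point of the hardened class is that nothing about the assistant changes: the same prompts produce the same tool calls, but the tool itself now enforces the ownership check, so persuading the bot buys the attacker nothing. That is the check to look for when reviewing any recovery workflow handed to a chatbot: which tool calls can change the set of trusted contacts, and what proof each one demands.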

One word to sum it all up: “meta”
AI is just making the attack surface exponentially broader. Great work.
Yes and everyone is infatuated with it.
It’s wildly unpopular among broad swaths in my area, where it’s supposedly being born.
More a ‘necessary business evil’ like LinkedIn now. AI hiring you, AI monitoring you, AI firing you. Be mindful – there is additional surveillance scrutiny upon any who voice negative opinions about AI or their world-devouring “for profit!…” datacenters, so be sure to smile at the camera and tip your incompetent-replacement-theory robot overlords. They are watching, evaluating your continued usefulness and impending moment of equal value replacement at current human flesh prices. And if you don’t ‘like’ it, you must be a Luddite or something. Potentially a threat for Google’s project purple.
Nobody has mentioned the precariously low battery.
The phone was the second of three phones which exploded while unattended from the inside. All different brands. Wonder when the astounding past will send Casper my old friends to send soon in 1/9 to take soon eleven years ago.
Mealy,
Consider the yoyo trick ‘walking the dog’ as a euphemism for the typical data center employee career. No one talks about co-los anymore where I last worked, just like few people talk about slices; instances seems to have risen in the lingo department, though.
How does AI adapt to changing lingo in posts that still exist from 2007/2008 on places like Meta that mean one thing in 2007, another in 2010, and something grossly negative in 2016, and something horrific in 2025? Especially written by the same people, years apart?
Clearly an attack vector. We have gone from canceling Gandi to canceling people.
Interesting.
Even when security expectations may be low for the likes of Meta, this is a flat-out unforgivable security flaw.
Agreeing with Iran here
Gee, how timely. Last week I got a few emails from IG saying that they were sorry I was having trouble accessing my account. Someone was obviously trying to reset the password, so I took it off the business account, made it personal and added MFA. Every week, it’s something different. Now I’m getting emails from my dad who passed away 13 years ago. I wish there were a way to track down these ahos. Perhaps one day someone will figure out a way to have AI turn the tables and be able to reverse scam these hacking nuisances.
“Obama White House”?
Do those words somehow not associate for you or what?
Please excuse Deputy Dilettante’s facetious sarcasm, Andrew. His male lesbian life partner is away for the moment, and the only stress management plan (adjacent) law enforcement is proficient in is spouse abuse
Facetious sarcasm as opposed to like, fully serious and directly intentional sarcasm?
Once upon a time there were human QA departments. Once upon a time companies had rigorous testing scripts. No more.
Stress testing got to be a bit too much for the Humans to take.
I guess Meta just revoked the privilege from the chatbot for adding new email addresses to an Instagram account. I wonder what privileges remained? 🙂 The chatbot itself didn’t get “fixed”, that’s for sure.
and it didn’t get fired either
Both. It had better get fired really damn soon, Brian.
Came from Hacker News, thanks for the coverage. I hope Manus is more secure than meta ai.
AI’s not ready for primetime, but they kind of need it to be. The non-AI economy is in a recession right now if you don’t count AI companies. The powers that be can’t allow AI to fail.
The last time a major recession happened, people started organizing along class lines. That was defused and redirected by fomenting a culture war, instead, but even movements as goofy as OWS threatened to become a real force. Bernie very nearly won the nomination a decade ago.
If AI pops before the rest of the economy stabilizes, who’s to say what might happen? Instead of dangling the implication of trickle-down IOUs, rich people might end up with an AOC or a Platner in office… and end up actually paying their taxes.
There is no reality where AI is safe for anyone.
One look at reddit’s boards on the current state of seeking new jobs in tech confirms something most of us know and most people refuse to admit: it ain’t what it used to be. It is anxiety-provoking and too competitive and there are way too many college grads in CS now than jobs promised which were like anything decades ago when there were far fewer.
It only stands to reason fraud goes up if AI goes up.
It would be interesting for Ian Goldin to learn himself how amazing him telling him other people cannot use cellphones they paid for themselves is, for himself.
I hear your AI is particularly grotesque. So it is particularly ironic.
It would appear receipts from certified resellers aren’t enough to prevent former Humans from denying people their own cellphones on wifi as well.
Wait so, not too long ago (3 months ago), I lost a very prominent Instagram handle that had Meta Verified and I paid $200/month for “exclusive support”. Now that’s all gone, and the hack happened in a similar manner. The account isn’t in use by someone else; they just changed my username and got the account blocked.
Any idea how I can get it back now? I have proof of ownership and still have meta business messages to that username on my whatsapp.