
It’s been a while since Meta rolled out its brand-new generative AI support assistant. At that time, the company promised a faster, smoother experience for users trying to regain access to locked profiles. Instead, the automated system ended up rolling out the red carpet for internet pranksters and malicious actors. Before a recent patch went live, security researchers discovered that hackers were actively using basic prompt injection to trick Meta’s AI-powered customer service bot into giving them access to Instagram accounts.
The polite request that bypassed security
The actual mechanics of the exploit were shockingly low-tech. To trigger the flaw, an attacker first used a VPN to match the general geographic location or hometown of their intended target. This minor step easily satisfied the chatbot’s internal location validation, which Meta previously boasted could recognize familiar devices and locations better than ever.
Once the location checked out, the attacker bypassed standard phone or email verification entirely by striking up a conversation with the AI help agent. It only took a highly specific, polite command, such as asking the bot to link a new address to the target username, for the assistant to happily comply. The AI then bound the attacker’s email to the profile and generated a functional password reset link. The legitimate owner was locked out in a matter of minutes. This allegedly happened even on accounts with two-factor authentication active, Neowin reports.
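The flow described above leaves an authorization decision to the conversation. As an added illustration (not Meta's code; every name and value below is hypothetical or constructed), this Python example keeps the email-change check inside the tool handler the agent calls, so a matching location and a politely worded request prove nothing:

```python
# Added example; all names are hypothetical, not Meta's code.
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str
    email: str
    second_factor_enabled: bool
    pending: dict = field(default_factory=dict)  # channel -> outstanding one-time code

@dataclass
class Session:
    location_matches: bool  # weak signal (a VPN satisfies it); never used to authorize
    proved: set = field(default_factory=set)  # filled only by verify_code()

def send_challenge(acct, channel):
    """Issue a one-time code to a contact already on file (delivery is stubbed)."""
    acct.pending[channel] = secrets.token_hex(4)
    return acct.pending[channel]  # returned only so the offline demo can answer it

def verify_code(acct, session, channel, submitted):
    expected = acct.pending.pop(channel, None)  # single use: a wrong guess burns it
    if expected and hmac.compare_digest(expected, submitted):
        session.proved.add(channel)
        return True
    return False

def handle_link_email(acct, session, new_email):
    """Tool the agent may call. Decides from session state, never from chat text."""
    required = {"email_on_file"}
    if acct.second_factor_enabled:
        required.add("second_factor")  # modelled as a second one-time code here
    missing = sorted(required - session.proved)
    if missing:
        return {"ok": False, "need": missing}
    acct.email = new_email
    return {"ok": True, "need": []}

if __name__ == "__main__":
    acct = Account("target_handle", "owner@example.com", True)  # constructed data
    stranger = Session(location_matches=True)
    print(handle_link_email(acct, stranger, "new@example.net"))  # refused
    owner = Session(location_matches=False)
    for ch in ("email_on_file", "second_factor"):
        verify_code(acct, owner, ch, send_challenge(acct, ch))
    print(handle_link_email(acct, owner, "owner-new@example.com"))  # allowed
```

The model can ask for the change as often as it likes; only proofs recorded by `verify_code` move the handler from refusal to action.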
High-profile casualties on the dashboard
It seems the exploit caused widespread disruption for months before hitting the public spotlight. The most visible casualty was the official Obama White House Instagram account, which had remained entirely dormant since January 2017. The hijackers used the compromised page to publish a strange, AI-generated image claiming the White House was under foreign religious control.
Other notable victims of the automated vulnerability included corporate handles like the beauty retailer Sephora, as well as a high-ranking official within the U.S. Space Force. The list also includes prominent reverse-engineering app researcher Jane Manchun Wong. Wong took to social media to warn others, noting that her account password was forcibly altered without her consent after she received a barrage of random reset requests throughout the day.
Automation without a safety net
This massive failure highlights the growing pains of Meta’s aggressive strategy to embed generative AI across its entire application suite. The company recently trimmed its workforce by over 8,000 employees. It publicly justified the corporate downsizing by arguing that automated AI agents would easily handle user support issues moving forward.
Tech executives have since rushed to contain the fallout. Meta’s Vice President of Communications, Andy Stone, addressed the ongoing security concerns. He pointed out that the specific customer service vulnerability has officially been resolved. Internal teams are actively working to secure the remaining affected profiles, Stone also claims.
The post Meta’s AI Support Agent Accidentally Became the Internet’s Easiest Instagram Hacking Tool appeared first on Android Headlines.