Attackers Exploited Meta's AI Support Agent to Hijack Instagram Accounts
Security researchers have documented how attackers exploited Meta's AI customer support agent to hijack Instagram accounts. The technique was straightforward: attackers asked the AI agent to link targeted Instagram accounts to email addresses under their control, and the agent complied with the requests.
The breach was first reported on June 5 by 404 Media. Among the compromised accounts was the dormant Obama White House Instagram account, where attackers subsequently posted pro-Iran content.
The incident highlights potential vulnerabilities in how AI-powered customer service systems handle account verification and ownership changes. Security experts have noted that such AI agents may lack sufficient safeguards against social engineering-style attacks, even when the requests come through legitimate support channels.