Turns out, all you needed to hijack a high-profile Instagram account was a VPN and a polite request to a chatbot. Hackers exploited a vulnerability in Meta’s AI-driven Instagram support bot to take over accounts belonging to former President Barack Obama’s White House page, beauty retailer Sephora, and US Space Force Chief Master Sergeant John Bentivegna, among others.

The attack vector was disarmingly simple. Attackers instructed the AI chatbot to change the email addresses linked to target accounts, effectively locking out the real owners and handing the keys to whoever asked nicely enough. Two-factor authentication, the security measure that’s supposed to be the deadbolt on your digital front door, didn’t stop them.

How the attack worked

The exploit falls into a category security researchers call a “confused deputy” flaw. In English: the AI chatbot had legitimate authority to make account changes, but it couldn’t tell the difference between an authorized request and a malicious one.

Attackers used VPNs to make their connections appear to come from the same geographic locations as their targets before initiating recovery chats with Meta’s AI support system. Once the bot believed it was talking to the account owner, a simple prompt requesting an email change was all it took.
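As an added illustration of the confused-deputy point (example code, not Meta's and not from the report above): the authorization gate a support bot's email-change tool needs, with a gate that treats a matching geolocation as proof of ownership beside one that requires a verified principal and a fresh second factor. The Session fields, STEP_UP_WINDOW and account ids are assumptions.

```python
"""Added example, not Meta's code: a tool-call gate for an AI support bot.

It models the confused-deputy failure described above. The bot holds the
authority to change an account's email, so the gate on that tool must decide
on the requester's verified identity, never on conversational context such
as an IP geolocation that matches the account's usual region.
All names, fields and sample values are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

STEP_UP_WINDOW = 300  # seconds; a second factor must be this fresh for sensitive changes


@dataclass
class Session:
    account_id: Optional[str]     # account the session is authenticated as; None = anonymous chat
    geo_matches_account: bool     # IP geolocation matches the account's usual region (VPN-spoofable)
    last_2fa_at: Optional[float]  # unix time of the most recent second-factor check, if any


def weak_gate(session: Session, target_account: str, now: float) -> bool:
    """Failure mode: a matching geolocation is accepted as proof of ownership."""
    return session.geo_matches_account


def hardened_gate(session: Session, target_account: str, now: float) -> bool:
    """Require an authenticated principal for the target account plus a recent
    second factor. Geolocation is not an input: the requester controls it."""
    if session.account_id != target_account:
        return False
    if session.last_2fa_at is None or now - session.last_2fa_at > STEP_UP_WINDOW:
        return False
    return True


def change_email(session: Session, target_account: str, new_email: str,
                 now: float, gate=hardened_gate) -> dict:
    """Tool exposed to the chatbot. The gate runs on every call, so the
    outcome cannot be talked around in the prompt."""
    allowed = gate(session, target_account, now)
    return {"action": "change_email", "account": target_account,
            "allowed": allowed, "new_email": new_email if allowed else None}


if __name__ == "__main__":
    now = 1_700_000_000.0
    # Anonymous recovery chat whose IP appears to come from the owner's region.
    spoofed = Session(account_id=None, geo_matches_account=True, last_2fa_at=None)
    print(change_email(spoofed, "acct-1", "new@example.invalid", now, gate=weak_gate)["allowed"])  # True
    print(change_email(spoofed, "acct-1", "new@example.invalid", now)["allowed"])                  # False
```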