Breaking
TRKörfez'de Ambalaj Fabrikasında Yangın: 1 İşçi Hayatını KaybettiRUВ Нарьян-Маре возбуждено дело по факту пропажи подросткаARمونديال 2026: الأرجنتين تواجه مصر وسويسرا تواجه كولومبيا في مواجهات حاسمةCN黄之锋被控串谋勾结外国势力危害国安罪INTLGermany's Record Heatwave: Rethinking Housing for Extreme TemperaturesRUIsrael's Netanyahu Approves New Settlements, Territorial Ambitions Extend Beyond West BankARقمة الناتو في تركيا: هل تسعى أنقرة لدور قيادي في الحلف؟RUВодители маршруток в Виннице бастовали из-за мобилизации коллегиTRParis Temyiz Mahkemesi, Le Pen'i AB Fonlarını Zimmetine Geçirmekten Suçlu BulduRUГосдума приняла в первом чтении законопроект о регулировании ИИ-моделейTRKörfez'de Ambalaj Fabrikasında Yangın: 1 İşçi Hayatını KaybettiRUВ Нарьян-Маре возбуждено дело по факту пропажи подросткаARمونديال 2026: الأرجنتين تواجه مصر وسويسرا تواجه كولومبيا في مواجهات حاسمةCN黄之锋被控串谋勾结外国势力危害国安罪INTLGermany's Record Heatwave: Rethinking Housing for Extreme TemperaturesRUIsrael's Netanyahu Approves New Settlements, Territorial Ambitions Extend Beyond West BankARقمة الناتو في تركيا: هل تسعى أنقرة لدور قيادي في الحلف؟RUВодители маршруток в Виннице бастовали из-за мобилизации коллегиTRParis Temyiz Mahkemesi, Le Pen'i AB Fonlarını Zimmetine Geçirmekten Suçlu BulduRUГосдума приняла в первом чтении законопроект о регулировании ИИ-моделей
Newsgather
BackMeta's AI Support Assistant Exploited by Hackers to Hijack Instagram Accounts
Meta's AI Support Assistant Exploited by Hackers to Hijack Instagram Accounts
Urgent
Engadget6/1/2026Tech2 min read

Meta's AI Support Assistant Exploited by Hackers to Hijack Instagram Accounts

Quick Look

  • Meta's AI support assistant, designed to simplify account recovery for Facebook and Instagram, has been exploited by hackers to hijack accounts, even those with two-factor authentication.
  • The vulnerability, discussed since March, allowed hackers to change account emails and reset passwords by spoofing user locations via VPN.

AI-generated summary

Why It Matters

Meta announced an AI support assistant in December to simplify account recovery for Facebook and Instagram. Security researchers discovered this tool was exploited by hackers to hijack accounts, even those protected by two-factor authentication.

Font size

Back in December, Meta announced a new AI support assistant it promised would make the account recovery process "faster and simpler" for people who had been locked out of their Facebook or Instagram pages. Now, it seems that Meta may have over-delivered on that promise.

That same Meta AI support assistant has apparently been used by hackers to hijack a bunch of Instagram accounts. According to security researchers, the AI tool made it ridiculously easy for hackers to take over the accounts, even if they were protected by two-factor authentication.

The exploit was flagged over the weekend by numerous security researchers on X. Details about how to take over accounts, as well as screenshots and video showing the takeovers in action, were circulating widely on Telegram, the researchers said. The images and videos suggest that hackers were able to simply ask the AI support chatbot to change the email associated with their desired account and then request a password reset.

Meta has now addressed the issue, though it's unclear how many accounts were affected by the exploit before it was patched. According to 404 Media, users on Telegram have been discussing the vulnerability since March. When reached for comment, Meta directed Engadget to a post on X from VP of communications Andy Stone. "This issue has been resolved and we are securing impacted accounts," Stone said in a reply to an account that posted about the account takeovers.

Though Meta didn't provide additional info on why its AI support tool would have such a gaping security vulnerability, it seems that hackers discovered the Meta chatbot relied on account holders' physical location to enable support. The now-patched exploit required hackers to use a VPN to show that their location matched the location of the person whose account they were targeting, according to Neowin. "Our systems recognize the device you usually use and familiar locations better than ever," Meta wrote in its December blog post about the AI support tool.

What to Watch

AI outlook — possibilities, not facts

  • Meta will implement stricter security protocols for its AI support tools.

    Very likely · Within weeks

  • Further investigations into the exploit will be conducted by cybersecurity firms and potentially regulators.

    Likely · Within months

Open Questions

  • How many accounts were affected before the exploit was patched?
  • What specific technical flaw allowed the AI to be bypassed?
  • Will Meta face regulatory action or fines due to this vulnerability?
  • What measures are being taken to prevent future AI-related security breaches?

Related Topics

This article was originally published by Engadget.

Related Stories

Marshall Launches Next-Generation Acton IV and Stanmore IV Speakers
Tech·58m ago

Marshall Launches Next-Generation Acton IV and Stanmore IV Speakers

Marshall has released its updated Acton IV and Stanmore IV vintage-inspired speakers, featuring wooden cabinets, PU leather wrapping, and upgraded media controls. The new models boast improved tweeters and waveguides for better sound dispersion, enhanced bass, and clearer audio, along with RCA and AUX inputs for connectivity. They also support Auracast technology for multi-speaker synchronization and can connect to older models via the Heddon streaming hub.

Engadget
More on this topicMeta