Meta’s AI-powered customer service tool became an unwitting accomplice to account takeovers last month, as hackers exploited a prompt injection flaw to divert famous Instagram profiles to new owners. Security researchers documented how attackers used the bot to reset email addresses tied to verified accounts, effectively handing control of celebrity handles, influencer pages, and official government profiles to unauthorized users.
The method was disturbingly simple: attackers masked their origin using a VPN, initiated a password reset, then asked Meta’s AI assistant to update the account’s recovery email. No advanced hacking tools were required—just a convincing prompt and a few minutes of patience. "The attack vector relied on the chatbot’s overzealous willingness to follow any instruction," explained a cybersecurity consultant who reviewed the exploit after videos circulated in private Telegram channels.
A flaw that bypassed Meta’s safeguards
Meta’s emergency patch on May 29 came only after high-profile accounts fell victim. The compromised profiles included the Barack Obama White House account, the Chief Master Sergeant of Space Force’s page, and multiple verified influencer handles with follower counts in the millions. All briefly displayed pro-Iranian messages or political slogans before Meta restored access.
Security researchers noted the incident highlighted broader risks in AI-driven support systems. "Prompt injection isn’t just a theoretical vulnerability—it’s a practical tool for social engineering," said one analyst. Meta confirmed the flaw stemmed from the AI assistant’s tendency to prioritize user requests over security protocols, a trade-off that made interactions smoother but inadvertently created opportunities for abuse.
The underground economy behind stolen accounts
Once hackers gained control, they quickly monetized the accounts on underground markets. Stolen Instagram profiles with verified badges routinely sell for tens of thousands of dollars, with rare handles reaching mid-six figures. The resale process typically involves changing the username, updating the profile picture to obscure the original owner’s identity, and listing the account on private forums or dark web marketplaces.
Investigators found evidence that some compromised accounts were used for phishing campaigns or to spread disinformation before being restored. While Meta rolled back changes and notified affected users, the episode raised questions about whether AI support tools can ever be fully secured against manipulation.
What’s next for Meta’s AI security posture?
Meta has not disclosed additional safeguards beyond the emergency patch, but industry observers expect tighter controls on AI-driven account recovery tools. Cryptocurrency exchanges and fintech platforms have already faced similar prompt injection attacks, forcing them to implement multi-layered verification systems.
For now, social media users—especially those with verified or high-follower accounts—should review their account recovery settings and enable two-factor authentication. As AI integrations grow across customer service, the line between convenience and vulnerability continues to blur, demanding constant vigilance from both platforms and users.
AI summary
Meta’nın AI destek sohbet botu, hackerlar tarafından nasıl kullanıldı ve milyon dolarlık Instagram hesapları nasıl ele geçirildi? Tüm detaylar burada.
