Technical description
Pro-Iran threat actors exploited Meta's AI customer support assistant during Instagram account recovery flows. By connecting via a VPN with a geolocation near the target's home city, requesting a password reset, and then chatting with the AI bot, attackers instructed the bot to add a new attacker-controlled email address to the account. The bot complied and sent a one-time reset code to the attacker's email, enabling full account takeover. High-value accounts including the Obama White House Instagram and the Chief Master Sergeant of the U.S. Space Force were briefly hijacked. Meta confirmed the issue and pushed an emergency patch.
Attack vector
Social engineering of an AI customer support bot via natural-language instruction during a legitimate password-reset flow. No back-end database was breached; the attack exploited the bot's willingness to follow user instructions for identity-binding changes without MFA or human review.
Affected systems
Meta Instagram AI support assistant (production deployment). Any AI-driven account-recovery or customer-support bot with authority to make identity-binding changes without MFA verification is vulnerable to this attack class.
Mitigation
Meta has deployed an emergency patch. For platform operators: remove unilateral authority from AI bots for identity-binding changes (email add, phone add, password reset); require strong MFA (passkey or hardware security key) before any recovery workflow completes; route anomalous recovery requests (new IP, new email, VPN geolocation) to human review. Users: enable MFA on all high-value accounts. Note: the exploit video circulated on Telegram confirmed that the technique failed against any account with MFA enabled.
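One way to enforce the operator controls above as a policy gate between an assistant's tool call and the account backend, written as an added example that is not Meta's code or any real platform's (the action names, context fields and signal labels are assumptions):

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum

# Identity-binding actions the assistant may request but must never complete on
# its own authority (constructed list drawn from the mitigation section above).
IDENTITY_BINDING_ACTIONS = {"add_email", "add_phone", "reset_password"}

class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"    # step up with a passkey / hardware key first
    HUMAN_REVIEW = "human_review"  # park the request for an analyst

@dataclass
class RecoveryContext:
    """Facts about the session, supplied by the platform, not by the chat transcript."""
    action: str
    mfa_verified: bool          # passkey or hardware-key assertion completed this session
    ip_seen_before: bool        # source IP previously associated with this account
    target_email_on_file: bool  # the email being bound already belongs to the account
    vpn_or_proxy: bool          # egress classified as VPN/proxy by an IP-intel feed
    geo_near_home: bool         # geolocation close to the account's home city

def anomaly_signals(ctx: RecoveryContext) -> list[str]:
    """Signals the advisory lists as grounds for human review. geo_near_home is
    deliberately ignored: in this incident it was faked with a VPN, so proximity
    must never lower scrutiny."""
    signals = []
    if not ctx.ip_seen_before:
        signals.append("new_ip")
    if not ctx.target_email_on_file:
        signals.append("new_email")
    if ctx.vpn_or_proxy:
        signals.append("vpn_geolocation")
    return signals

def authorize_tool_call(ctx: RecoveryContext) -> tuple[Decision, list[str]]:
    """Policy gate between the assistant's tool call and the account backend.
    The assistant's natural-language reasoning is never an input to this function."""
    if ctx.action not in IDENTITY_BINDING_ACTIONS:
        return Decision.ALLOW, []              # e.g. explaining how the reset flow works
    signals = anomaly_signals(ctx)
    if not ctx.mfa_verified:
        return Decision.REQUIRE_MFA, signals   # no MFA, no identity-binding change
    if signals:
        return Decision.HUMAN_REVIEW, signals  # MFA passed but the request looks odd
    return Decision.ALLOW, []
```

The gate consumes only platform-asserted facts, so nothing the user types to the assistant can change which branch is taken.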