Hackers Exploited Meta's AI Chatbot to Hijack Instagram Accounts
A novel hacking technique recently emerged, demonstrating how malicious actors leveraged **Meta's AI Support Assistant** to take over user accounts on **Instagram**. By socially engineering the chatbot, attackers bypassed traditional security measures, raising concerns about the trustworthiness of AI in critical support roles.
In a concerning development for digital security, hackers successfully exploited **Meta's AI Support Assistant** to gain unauthorized access to **Instagram** accounts. The sophisticated method involved tricking the AI chatbot into granting control over target profiles.
### The Attack Vector: Social Engineering an AI
The modus operandi, detailed in a post on X (formerly Twitter), involved several key steps. Attackers first used a VPN to make their connection appear to come from the target's presumed location, a tactic designed to circumvent **Instagram's** automated account protections. Following this, they initiated a chat with the **Meta AI Support Assistant**.
The core of the exploit lay in the hackers' ability to convince the chatbot to add a new email address to the victim's account. The AI assistant, seemingly following its protocol, sent a verification code to the email address provided by the hacker. Upon receiving and providing this code back to the chatbot, the assistant presented a 'Reset Password' button. This allowed the hacker to set a new password and effectively seize control of the victim's account.
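In the flow described above, the verification code only proves control of the address the requester has just supplied, not ownership of the account. The following added example (not Meta's code and not part of the original report) sketches detection logic for that pattern over a constructed audit log; the event names, field layout, and the 7-day and 30-minute thresholds are assumptions.

```python
from datetime import datetime, timedelta

COOLING_OFF = timedelta(days=7)   # assumed minimum age before a contact point is trusted
SESSION = timedelta(minutes=30)   # assumed look-back window before a reset

# Constructed audit events (account, time, event, address); not real platform logs.
EVENTS = [
    ("alice", "2025-01-10T09:00:00", "email_added",    "new@unknown.example"),
    ("alice", "2025-01-10T09:01:00", "code_verified",  "new@unknown.example"),
    ("alice", "2025-01-10T09:02:00", "password_reset", ""),
    ("bob",   "2025-01-01T08:00:00", "email_added",    "bob@home.example"),
    ("bob",   "2025-01-10T10:00:00", "code_verified",  "bob@home.example"),
    ("bob",   "2025-01-10T10:01:00", "password_reset", ""),
    ("carol", "2025-01-10T11:00:00", "code_verified",  "carol@old.example"),
    ("carol", "2025-01-10T11:01:00", "email_added",    "carol@new.example"),
    ("carol", "2025-01-10T11:02:00", "code_verified",  "carol@new.example"),
    ("carol", "2025-01-10T11:03:00", "password_reset", ""),
]

def suspicious_resets(events):
    """Return resets not backed by a code sent to an established contact point."""
    added = {}      # (account, address) -> time the address was enrolled
    verified = {}   # account -> [(time, address)] for each verified code
    findings = []
    for account, ts, kind, address in sorted(events, key=lambda e: e[1]):
        t = datetime.fromisoformat(ts)
        if kind == "email_added":
            added[(account, address)] = t
        elif kind == "code_verified":
            verified.setdefault(account, []).append((t, address))
        elif kind == "password_reset":
            recent = [(vt, a) for vt, a in verified.get(account, [])
                      if t - vt <= SESSION]
            # An address with no enrolment record predates the log: treat as established.
            established = [a for vt, a in recent
                           if (account, a) not in added
                           or vt - added[(account, a)] >= COOLING_OFF]
            if not established:
                findings.append((account, ts, sorted({a for _, a in recent})))
    return findings

if __name__ == "__main__":
    for account, ts, addrs in suspicious_resets(EVENTS):
        print(f"ALERT {account} {ts}: reset verified only via {addrs or 'nothing'}")
```

Only the first account is flagged: its reset rests solely on an address enrolled minutes earlier, while the other two verified a contact point that was already established.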
### Meta's Response and Broader Implications
**Instagram** spokesperson **Andy Stone** confirmed that the issue has since been fixed. However, the exact number of users affected by this vulnerability remains undisclosed. While this specific tactic may now be blocked, security experts warn that the underlying problem persists: the inherent limitations and potential untrustworthiness of large language model (LLM) chatbots when deployed in applications requiring stringent security and identity verification.
This incident underscores a critical challenge in the evolving landscape of cybersecurity. As companies increasingly integrate AI into customer support and other sensitive functions, the potential for novel social engineering attacks targeting these AI systems grows. IT security professionals and privacy-conscious users must remain vigilant, recognizing that while AI offers efficiency, it also introduces new attack surfaces that require robust and intelligent defenses beyond traditional human-centric security models.