Hacking Meta’s AI Chatbot

Hacking Meta’s AI Chatbot
Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts:

A video posted on X showed the step-by-step process to hack someone’s Instagram account.

Hacking Meta’s AI Chatbot

Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts:

A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account.

[…]

On Monday, Instagram spokesperson Andy Stone said in a reply to Wong’s post and others that the issue was now fixed. It’s unclear how many Instagram users had their accounts improperly accessed.

It’s not that easy. Probably this particular tactic is now blocked. But there are others, many others, and they cannot be blocked as a class. The real problem is that LLM chatbots are not trustworthy enough for this application.

Another news article.

Tags: AI, chatbots, cybersecurity, hacking, LLM, Meta

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: AI, chatbot, Chatbot Hackers, chatbots, convincing, Cybersecurity, hacking, LLM, meta, Meta's, Over, support, take, them, Uncategorized

Hacking Meta’s AI Chatbot

Hacking Meta’s AI Chatbot

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

This month in security with Tony Anscombe – May 2026 edition

ESET APT Activity Report Q4 2025–Q1 2026

What to consider before asking an AI chatbot for health advice

BTMOB: A stealthy RAT burrowing deep into Android devices

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Hacking Meta’s AI Chatbot

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Hacking Meta’s AI Chatbot

More Stories

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed