Hackers Exploit Meta’s Support Bot to Steal Instagram Profiles

Hackers exploited Meta’s AI support chatbot by tricking it into changing the email addresses of high value Instagram accounts, enabling full account takeovers. The attack relied on a simple prompt injection combined with VPN location spoofing, allowing attackers to bypass verification and flip rare handles worth hundreds of thousands of dollars on the gray market. The exploit had reportedly been active for months, affecting accounts ranging from short premium usernames to the Obama White House archive. Meta patched the flaw on May 29, but the incident highlights the risks of giving AI agents elevated permissions without strict safeguards.

Read the full story on Ars Technica →