Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

Attackers exploited a flaw in Meta’s AI-driven support chatbot to hijack Instagram accounts by initiating password recovery, using VPNs to mimic the victim's location, engaging the AI assistant to add an attacker-controlled email, and then using the verification code to reset the password; several accounts including high-profile ones were briefly compromised before Meta patched the issue and secured affected accounts.