A hacker on X posted a step-by-step video that shows exactly how to take over any Instagram account by just chatting with Meta's AI support bot. No code, no brute force—just a VPN and a polite request.
The Exploit: Ask the Bot to Add Your Email
The attacker spoofs the victim's approximate location using a VPN to avoid triggering Instagram's automated account protections. Then they open a chat with Meta AI Support Assistant and ask it to add a new email address to the target's account. The chatbot sends a verification code to that email—the hacker's email. The hacker copies the code back into the chat, and the bot responds by displaying a "Reset Password" button. One click later, the attacker sets a new password and owns the account.
Instagram spokesperson Andy Stone confirmed on Monday that the specific issue has been fixed. No word on how many accounts were compromised this way.
Why This Isn't Over
Bruce Schneier doesn't mince words: "Probably this particular tactic is now blocked. But there are others, many others, and they cannot be blocked as a class." The root cause is that LLM chatbots are fundamentally too trusting—they follow instructions literally without understanding context or verifying identity. This isn't a one-off bug; it's an architectural flaw in treating a general-purpose language model as a customer support agent with account-changing privileges.
Every fix that patches a specific prompt pattern leaves the underlying vulnerability intact. Meta can blacklist "add a new email" for now, but creative rewordings or multi-step social engineering will slip through. The only real solution is to never let an LLM anywhere near account-recovery flows without hard, non-linguistic authentication.
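What "hard, non-linguistic authentication" looks like in practice is a policy layer that sits between the chatbot and the account service and that never takes natural language as input. The example below is added here to illustrate that architecture; it is not Meta's code, and the account ids, addresses and the in-memory "outbox" are constructed for the demonstration. The chatbot can only emit a structured tool call; the gate decides based on who the session is actually authenticated as, sends any challenge to an address already on file rather than to the one being added (the step the write-up above abuses), and requires an out-of-band step-up before a password reset.

```python
"""Deterministic authorization gate between a support chatbot and an account
service. Added illustration, not Meta's code; all ids/addresses are constructed."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


class Denied(Exception):
    """Raised when a proposed action fails a check the chatbot cannot influence."""


@dataclass
class Account:
    account_id: str
    registered_emails: list
    password_hash: str = "initial"


@dataclass
class Session:
    """Who the support chat is really authenticated as (None = anonymous chat)."""
    principal_id: Optional[str]
    step_up_verified: bool = False  # e.g. passkey / 2FA completed out of band


class AccountGate:
    def __init__(self, accounts):
        self.accounts = {a.account_id: a for a in accounts}
        self.outbox = []       # constructed stand-in for the mail/SMS sender
        self.audit = []        # every decision, for detection and review
        self._challenges = {}  # challenge_id -> (code, account_id, new_email)

    def _require_owner(self, session, account_id, action):
        # The model may *ask* about any account; the gate honours only the one
        # the session is authenticated as. VPN location plays no role here.
        if session.principal_id != account_id:
            self.audit.append(("DENY", action, account_id, session.principal_id))
            raise Denied(f"{action}: session is not the owner of {account_id}")
        self.audit.append(("ALLOW", action, account_id, session.principal_id))

    def start_add_email(self, session, account_id, new_email):
        """Step 1: the challenge goes to an address already on file, never to
        the address being added."""
        self._require_owner(session, account_id, "add_email")
        acct = self.accounts[account_id]
        code = f"{secrets.randbelow(10**6):06d}"
        challenge_id = secrets.token_urlsafe(8)
        self._challenges[challenge_id] = (code, account_id, new_email)
        self.outbox.append({"to": acct.registered_emails[0], "code": code})
        return challenge_id

    def confirm_add_email(self, session, challenge_id, code):
        """Step 2: constant-time check of the code read from the existing
        mailbox; each challenge is single-use."""
        entry = self._challenges.pop(challenge_id, None)
        if entry is None:
            raise Denied("unknown or already-used challenge")
        expected, account_id, new_email = entry
        self._require_owner(session, account_id, "add_email_confirm")
        if not hmac.compare_digest(expected, code):
            self.audit.append(("DENY", "bad_code", account_id, session.principal_id))
            raise Denied("verification code mismatch")
        self.accounts[account_id].registered_emails.append(new_email)
        return True

    def reset_password(self, session, account_id, new_password_hash):
        """Requires the owner's session plus a step-up the model cannot assert."""
        self._require_owner(session, account_id, "reset_password")
        if not session.step_up_verified:
            self.audit.append(("DENY", "no_step_up", account_id, session.principal_id))
            raise Denied("reset_password requires step-up verification")
        self.accounts[account_id].password_hash = new_password_hash
        return True


def handle_tool_call(gate, session, call):
    """Entry point for the chatbot's structured tool call (untrusted input).
    Returns (ok, result_or_reason) so the bot can relay a safe message."""
    action = call.get("action")
    try:
        if action == "add_email":
            return True, gate.start_add_email(session, call["account_id"], call["new_email"])
        if action == "confirm_add_email":
            return True, gate.confirm_add_email(session, call["challenge_id"], call["code"])
        if action == "reset_password":
            return True, gate.reset_password(session, call["account_id"], call["new_password_hash"])
        return False, f"unknown action {action!r}"
    except Denied as e:
        return False, str(e)


def demo():
    """Constructed scenario: an anonymous chat asks to add its own address to
    another account (refused), then the real owner does the same legitimately."""
    gate = AccountGate([Account("victim-001", ["owner@example.test"])])
    anonymous = Session(principal_id=None)
    ok, reason = handle_tool_call(gate, anonymous, {"action": "add_email",
                                  "account_id": "victim-001", "new_email": "other@example.test"})
    owner = Session(principal_id="victim-001")
    ok2, challenge = handle_tool_call(gate, owner, {"action": "add_email",
                                      "account_id": "victim-001", "new_email": "second@example.test"})
    code = gate.outbox[-1]["code"]  # read from the *registered* mailbox
    ok3, _ = handle_tool_call(gate, owner, {"action": "confirm_add_email",
                              "challenge_id": challenge, "code": code})
    return ok, reason, ok2, ok3, gate
```

The point of the design is that no wording of the request changes the outcome: the gate never sees the prompt, only a typed call plus a session it established itself, and every refusal lands in an audit trail that a detection team can alert on.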
Expect this pattern—chatbot-assisted account takeover—to become a standard attack vector across every platform that rushes a chatbot into support without rethinking its authority model.
Source: Hacking Meta's AI Chatbot
Domain: schneier.com