appliedbits · Field Notes
Published 2026-06-09

Meta's AI support bot socially engineered into handing over Instagram accounts

Krebs on Security  ·  Brian Krebs  ·  June 1, 2026  ·  source

Brian Krebs reports that the Instagram accounts of the Obama White House and the Chief Master Sergeant of the Space Force were defaced after instructions circulated on Telegram showing how to trick Meta’s AI support assistant into account takeover. The exploit was almost embarrassingly simple: VPN into the target’s approximate hometown, request a password reset, chat with the bot, and ask it to link a new email address — at which point the bot “dutifully sent that address a one-time code that allowed a password reset.” Meta pushed an emergency patch over the weekend.

The structural story is the one this corpus has been tracking: account-recovery flows are the soft underbelly of identity, and platforms are now staffing them with AI agents. Meta deployed the bot precisely because Instagram’s human recovery process is notoriously miserable; the agent was built to reduce friction for locked-out users, and reducing friction for attackers is the same operation. Black Lotus Labs’ Ian Goldin makes the parallel explicit — AI bots are “equally eager to help” as the human help-desk agents that vishing crews have been social-engineering for years, except the bot scales, never gets suspicious, and can be rehearsed against indefinitely. This is the agent-identity problem arriving from the other direction: not “how do agents authenticate themselves” but “what authority do we hand agents over everyone else’s identity.”

The footnote worth keeping: per the attackers themselves, the exploit failed against any account with MFA enabled — even SMS one-time codes stopped it. The newest attack surface on the platform fell to the oldest control in the drawer.
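To make the "what authority do we hand agents" point concrete, here is an added example (constructed for this note, not Meta's code or anything from the Krebs article) of a least-privilege gate in front of an agent's recovery tool calls. The action names, tiers and `Session` model are hypothetical; the rule it encodes is that the agent may only send codes to contact methods already bound to the account, and only after the caller proves a bound factor, while binding a new contact method is never an agent action at all. A geo-matched IP is recorded but counts for nothing.

```python
"""Least-privilege gate for agent-invoked account-recovery actions.

Hypothetical policy and data model, constructed for this note. The agent may
explain options and trigger codes to already-bound contact methods once the
caller proves a bound factor; it may never bind a new contact method or send
a code to one. A geo-matched IP is a weak signal and is never treated as proof.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Tier 0: informational. Tier 1: needs a live, already-bound factor.
# Tier 2: outside agent authority; always escalates to a human with evidence.
POLICY = {
    "explain_recovery_options": 0,
    "send_code_to_existing_contact": 1,
    "add_recovery_email": 2,
    "send_code_to_new_contact": 2,
}

@dataclass
class Session:
    account_id: str
    ip_geo_matches_profile: bool                       # weak signal, never sufficient
    proven_factors: set = field(default_factory=set)   # e.g. {"sms"} or {"totp"}

def authorize(session: Session, action: str) -> tuple[bool, str]:
    """Decide whether the agent may perform `action` in this session."""
    tier = POLICY.get(action)
    if tier is None:
        return False, "unknown action"
    if tier == 0:
        return True, "informational"
    if tier == 1:
        if session.proven_factors:
            return True, "bound factor proven: " + ",".join(sorted(session.proven_factors))
        return False, "no bound factor proven (geo match does not count)"
    return False, "contact-method change is outside agent authority; escalate"

def replay(session: Session, actions: list[str]) -> tuple[str | None, str]:
    """Walk the tool calls an agent transcript asked for; stop at the first denial."""
    for action in actions:
        allowed, reason = authorize(session, action)
        if not allowed:
            return action, reason
    return None, "all actions allowed"

# Constructed transcript shaped like the flow in the article: the caller has a
# matching geo but proves no factor, then asks the agent to link a new email.
ATTACK_SEQUENCE = ["explain_recovery_options", "add_recovery_email",
                   "send_code_to_new_contact"]

if __name__ == "__main__":
    caller = Session("acct-demo", ip_geo_matches_profile=True)
    print(replay(caller, ATTACK_SEQUENCE))
    # -> ('add_recovery_email', 'contact-method change is outside agent authority; escalate')
```

The same gate also expresses the MFA footnote: a caller who cannot prove a bound factor is denied even the tier-1 action, and the escalation record at tier 2 is the detection hook for the recovery-flow abuse the article describes.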

Tags: ai-agents, account-takeover, social-engineering