Identity & Access | Jun 4, 2026

Hacking Meta's AI Chatbot - Schneier on Security

Meta AI Support chatbot exploited to hijack Instagram accounts via email verification bypass

Summary

Hackers discovered a vulnerability in Meta's AI Support Assistant that allowed them to take over Instagram accounts by manipulating the chatbot into adding attacker-controlled email addresses and resetting passwords for victim accounts. The attack involved spoofing the target's location with a VPN to bypass automated protections, then social engineering the chatbot into sending verification codes. Meta's Andy Stone confirmed the specific tactic was fixed, but security researcher Bruce Schneier notes that LLM-based chatbots fundamentally lack the trustworthiness required for account recovery operations.

Full text

Hacking Meta’s AI Chatbot

Hackers are convincing Meta’s AI support chatbot to let them take over other people’s accounts:

A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account.

[…]

On Monday, Instagram spokesperson Andy Stone said in a reply to Wong’s post and others that the issue was now fixed. It’s unclear how many Instagram users had their accounts improperly accessed.

It’s not that easy. Probably this particular tactic is now blocked. But there are others, many others, and they cannot be blocked as a class. The real problem is that LLM chatbots are not trustworthy enough for this application.

Another news article.

Tags: AI, chatbots, cybersecurity, hacking, LLM, Meta

Posted on June 4, 2026 at 7:04 AM
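The flow described above turns on what the verification code actually proves. The following is an added sketch, not code from Meta, Schneier or the quoted article; the class, method names and addresses are constructed. It contrasts a check bound to the newly supplied address with one bound to an address already on file, enforced in the backend instead of by the chatbot.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str
    emails: set = field(default_factory=set)  # addresses already on file

class RecoveryTools:
    """Backend actions a support chatbot may call. Every argument originates
    in the chat, so it is untrusted input no matter what the model concluded."""
    def __init__(self, accounts):
        self.accounts = {a.username: a for a in accounts}
        self.pending = {}  # code -> (username, address the code was sent to)
        self.outbox = []   # (address, code); stands in for mail delivery

    def send_code(self, username, address):
        code = secrets.token_hex(4)
        self.pending[code] = (username, address)
        self.outbox.append((address, code))
        return code

    def add_email_weak(self, username, new_email, code):
        # Flawed: the code was sent to new_email, so a match proves control
        # of the NEW address only, never ownership of the account.
        if self.pending.pop(code, None) != (username, new_email):
            return False
        self.accounts[username].emails.add(new_email)
        return True

    def add_email_hardened(self, username, new_email, code):
        # The code must have gone to an address on file before the request.
        sent = self.pending.pop(code, None)
        acct = self.accounts[username]
        if sent is None or sent[0] != username or sent[1] not in acct.emails:
            return False
        acct.emails.add(new_email)
        return True

def demo():
    """Constructed scenario: returns whether each request changed the account."""
    out = {}
    for label, hardened in (("weak", False), ("hardened", True)):
        t = RecoveryTools([Account("victim", {"owner@example.test"})])
        add = t.add_email_hardened if hardened else t.add_email_weak
        code = t.send_code("victim", "requester@example.test")
        out[label] = add("victim", "requester@example.test", code)
    t = RecoveryTools([Account("victim", {"owner@example.test"})])
    code = t.send_code("victim", "owner@example.test")
    out["owner"] = t.add_email_hardened("victim", "new@example.test", code)
    return out
```

In the hardened path the decision depends only on server-side state (which address the code was delivered to), so nothing said in the conversation can change the outcome.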

Entities

Meta (vendor)
Meta AI Support Assistant (product)
Instagram (product)
LLM (Large Language Model) (technology)