Instagram AI Takeover: How Attackers Exploited Meta Support Bots

July 10
8 mins

Episode Description

Your profile photo vanishes. Your email is changed. A password reset you never requested lands in someone else's inbox. You're locked out of your own Instagram account, and you didn't click a single suspicious link.


In early 2026, attackers manipulated Meta's AI support chatbot to approve password resets on roughly 20,225 Instagram accounts over seven weeks. This episode breaks down how social engineering evolved from targeting human support reps to exploiting AI-powered customer service systems. We cover identity verification failures, how chatbots became part of the security boundary, the policy response led by California Attorney General Rob Bonta and 40 state attorneys general, and the difference between traditional phishing and trust-layer manipulation. You'll hear why separating chat from authority matters, what phishing-resistant multi-factor authentication means, and how to apply throttling, anomaly detection, and tabletop exercises for bot abuse.


This is for anyone managing Instagram accounts, security teams integrating AI support tools, and developers building customer service automation who need to understand where convenience meets risk.


One Topic, Ten minutes, No panic.

Is there a topic/term you want me to discuss next? Text me!!

YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene

See all episodes