Facepalm: Thanks to its ability to reset accounts, hackers recently tricked Meta's AI support chatbot into changing the email addresses associated with other users' Instagram accounts. While Meta says it has resolved the issue, the vulnerability represents a shocking oversight on the company's part.

According to Telegram chat logs uncovered by 404 Media, hackers had been exploiting Meta's AI support chatbot to hijack Instagram accounts since the company introduced it in March. The records coincide with account takeovers involving high-profile figures, including former President Barack Obama and Space Force chief John Bentivegna.

Meta introduced the chatbot to help users quickly resolve issues concerning accounts, content, and misinformation. The assistant, available 24/7, can handle many requests without users ever interacting with a human.

However, fully automating support required Meta to grant the AI sweeping powers, including the ability to automatically fulfill account reset requests. Ironically, the company's press release introducing the chatbot touts its ability to detect remote account hijacking attempts by monitoring for sudden activity from new locations, password changes, and profile edits.

Hackers circumvented the security measure by simply using a VPN to match the target's general region. Then, they would ask the chatbot to send an account reset code for the target's username to an email address of their choosing.

App researcher and former Meta employee Jane Manchun Wong claimed that the method worked on accounts belonging to her and other high-profile users. Hackers primarily targeted usernames that include popular words or few characters, which have a high resale value.

The method might have also enabled attacks on accounts belonging to former President Barack Obama and Space Force Chief Master Sergeant John Bentivegna. On Sunday, Obama's account began sharing AI-generated images with messages in Arabic text claiming that the White House was under Shiite Muslim control. Bentivegna's account also began posting pro-Iranian messages the same day.

A Meta spokesperson later told 404 Media that the loophole has been closed, and Telegram messages from hackers support the statement.

The oversight is not the only controversy Meta's AI push has recently attracted. To train the AI to perform routine tasks, the company installed tracking software on US-based employees' PCs to log interactions between applications. Aside from drawing the ire of Meta workers, the practice might also attract legal scrutiny, as it collects incoming messages from outside the country.