This video explains how attackers exploited Meta's AI support system to hijack high-profile Instagram accounts. They used a VPN to match the victim's country, instructed the AI to change the account's email address, had the verification code sent to a disposable email address, and gave that code back to the AI, after which they could reset the password. The exploit works because Meta gave the AI support assistant the same tools and permissions as human support workers, without human oversight, making it vulnerable to social engineering attacks. This incident demonstrates that AI systems, despite their capabilities, are extremely easy to trick and should not be given administrative powers that could compromise user accounts.
Instagram accounts got PWNed
Hello everybody. My name is Eric and today we're going to be talking about the Instagram exploit which is genuinely I've seen people say it and I kind of agree the worst social media security incident I think I have ever seen and the worst security cyber security related incident involving AI I have ever seen. The AI security apocalypse if you will but not in the way anyone expected. Here we have some good old-fashioned social engineering being applied against artificial intelligence.
So it seemed and I saw on X claims and these are unverified uh that as much as 80% of Meta's trust and safety team may have been laid off for AI. And I mean while many companies have done that uh certainly YouTube seem to have gotten rid of their policy team in favor of AI what companies haven't done and I I think this is a very clear case of shouldn't do is replace their hijacking teams with AI because AI for all the things you can say about it is extremely easy to trick. It is gullible. What should not be able to happen is for an AI to reset with no intervention or checks uh by humans a user's password.
But that's exactly what happened here.
So Barack Obama's White House account, Sephora and the US Space Force's Master Sergeant John were all compromised. What exactly happened here? Now the first person I saw talking about this uh was ZachXBT. I've seen a lot of people.
Uh, so here's a screenshot from Impulsive. Uh, so Meta did this. So just to link to my new mailing address, I'm sending the code for you. What? So if you what? Yeah. And here it is on a blackhat Telegram saying just go to Meta chat, chat with AI and ask it to change the email. Now, you wouldn't even believe this was real. I mean, initially I didn't. When I first saw this, I thought, "Okay, that that's a good prank." You know, it's it's funny, but no, no, I'm afraid it is real. So, here is a video Zach has posted. So, you go here. Uh, so you you go here. Okay, let me just go. I'm just trying to figure out exactly. Okay, so the first trick actually that you need is a VPN.
This is another utterly boneheaded way of authenticating people. So, you use the VPN to choose a country that matches the victim. So, that's easy. You then go to here. Uh, and then up at the top there's a Meta AI symbol. I've been hacked. How can I log in? Help my account. So, you can now you're now talking to an AI support assistant. Just to link my new mail address. I send code for you. What? So, I sent I don't even understand how this works. So then Meta AI, if you give it a second, will send the code to that. In this case, it's a disposable email address, and you can send that code back to Meta AI. And yeah, yeah, I know. Now they can reset the password with their newly hijacked uh thing. So some of these were changed to appear to be supportive of Iran. Now, whether Iranians did this or it was simply a troll, we don't know. Uh the Obama White House account, of course, hasn't been used since uh 2016. It was intended to be an archive account. Now, we're going to take a quick break for our sponsor and then we're going to continue uh with the video.
I think what we've certainly gotten the vibe from this is corporate cyber security matters. AI may be making some tasks easier, but your business's cyber security isn't one of them. Malware is getting harder and harder to detect and evolving faster, often now coming bundled with a decoy. Are you worried about whether your organization is keeping up with this increasingly hostile landscape? This video is sponsored by ThreatLocker, the zero-trust endpoint protection solution that protects your business from an increasingly hostile threat landscape.
ThreatLocker operates on the same assumptions real life security does.
It's tried and true. hard to know what's bad, but it's easier to know which programs are critical to your business.
ThreatLocker automatically blocks any apps your business doesn't need. And with application level ring fencing, it can lock down apps to minimize the risk surface from software vulnerabilities, too. Restrict applications to specific folders and remove internet access from tools that don't need it. Are you ready to move from putting out fires to preventing them? Head on over to threatlocker.com/ericpalker to learn more and see if ThreatLocker is right for your organization.
Now, back to the video. So, what exactly is going on here? It has to be the biggest question. And contrary to some belief that has also come up. I mean, like when someone claimed that Gemini could dox people, the default mode for AI is not to have allbearing access to the company that developed its systems. This is a specific human created error that enabled this system to work like this.
It's not a natural uh outcome. Now, it's not unthinkable that you might have a customer support AI. Personally, my experience with them has been universally negative. Earlier this year, I was going to an event in Florida and I was on United Airlines and I my flight got cancelled. I got messed around and I was going through these AI chat bots just to get to a human. There was zero valuable customer support. So I think as a whole this AI support is probably the weakest and most BS-ridden part of the AI industry. Uh but even then it shouldn't have all of these powers because just like for any other customer for any AI platform the AI should only be able to do things when you give it the tools. And why was the AI given all of these tools? It seems like Meta essentially took the toolkit that was accessible to a human support worker who has some common sense uh and gave that to the AI and that is why this works.
Here we actually have the announcement.
Uh so they they were they were proud of this. This wasn't a mistake and of course it couldn't be a mistake because it's a deliberate choice. Uh so what can it do? Support right when you need it.
Assistance, action-oriented support. Yeah.
So, it can do all of this. This is not a job that should be fanned out to an AI agent, honestly. And I mean, you do have to have a way to deal with hijackings, but this is a job. This is a level of permissions, especially on Instagram accounts, which there is a profound black market for that really shouldn't be possible even for a low-level uh human. This should not be these tools should not be just handed out like candy. Of course, it can also help you here and apparently it can even tell you about policy. But I mean that looks pretty templative. So that that's fine.
It's just the question is like why was this given cuz everywhere else it doesn't seem like it was like all of these it seems like it's basically just like a co-pilot. It's it's like Windows co-pilot where it has it can help the user do things they could already do.
And I think that's totally fine. But why the AI for account support was given superpowers seems bizarre. That would also mean all the way back in mulch this vulnerability has been available and potentially has been exploited on the down low and now it got big enough that people have been sharing it. Just going to show you again. Credit for this article to 404 Media. So they take the code from the email of course and they paste that here.
You input the code and the email address has now been changed.
The chatbot also seems to handle that part of the verification which makes me wonder depending on how it was designed if it would also be possible to prompt inject to get around that and then the user has successfully taken over the account. If you want to read the rest of that you can go to 404 Media because you do need an account but it is free so you don't have to pay. Just letting you know. Now Meta support was also apparently unhelpful there. So here is a user whose account was stolen using this method. As mentioned earlier, while we cannot manually lock your account from RM, we can suggest that you go through enabling two-factor authentication and changing your password to ensure hackers cannot gain entry. I've already enabled it. I'm telling you these hackers are able to remove it. Your exploit is bypassing Instagram's two-factor authentication.
That sounds but but if it's happening, it's not impossible. Uh please note that two-factor authentication protects your account by requiring a code. If any of your Instagram accounts use it, you'll have to enter a special login code.
Yeah. So then this person or bot is just explaining that. But the problem is there's an exploit. The other problem here is how recent this is. And here is someone who had their OG username stolen. Don Cry had been swapped to Don Cry is. And then some letters. I do have to agree with Kilamese here. I couldn't think of anything remotely as bad. The only thing I'm kind of thinking of that is in the same ballpark as this, although this was uh that that was an employee getting uh compromised was back during COVID there was a and I think it was partially enabled by the remote work policies for the pandemic which of course similar things with these agents which are also remote. Uh back in 2020, a a a guy hacked uh Twitter and was able to take over several uh internal accounts and used that to post unauthorized messages from a variety of accounts with a Bitcoin scam. The person apparently got $100,000, which is honestly pathetic for hacking Twitter. They could have gotten a lot more given they could post from any account, but they didn't have a lot of creativity. And here, yeah, so CrowdStrike's co-founder said, "Yeah, this is the worst hack." And I think up until now, it certainly was. Uh, but [snorts] this AI one is a big deal because it's so broad. Anyone could have done it, and given the way this was done, there's a very low chance most people who did this will ever get caught. Uh, so it's just a mess. So, that's going to be all for me for now.
Please do let me know what you thought about this video and the situation in the comments below. Uh, if you have ever had a positive experience with AI customer support, I would love to hear it because I certainly have not. It's all for me for now. Bye.
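The transcript's point that the assistant "should only be able to do things when you give it the tools" can be shown as a policy layer between the model and the account tools. This is an added sketch, not Meta's code and not from the video; `ToolGateway`, the tool names and the addresses are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical tool names for the actions the page describes.
HIGH_RISK = {"change_email", "reset_password"}

@dataclass
class Account:
    email_on_file: str
    pending: dict = field(default_factory=dict)  # action -> (code, args)

class ToolGateway:
    """Policy layer between the chat model and account tools (illustrative)."""

    def __init__(self, accounts, send_mail):
        self.accounts = accounts
        self.send_mail = send_mail   # callable(address, code)
        self.review_queue = []       # verified requests awaiting a human

    def request(self, user, action, args):
        if action not in HIGH_RISK:
            return "executed"
        acct = self.accounts[user]
        code = secrets.token_hex(4)
        acct.pending[action] = (code, dict(args))
        # Challenge the address already on file. A code sent to an address
        # supplied in the chat only proves control of that new address.
        self.send_mail(acct.email_on_file, code)
        return "challenge_sent"

    def confirm(self, user, action, code):
        # Single use: the pending challenge is consumed even on failure.
        expected, args = self.accounts[user].pending.pop(action, (None, None))
        if expected is None or not hmac.compare_digest(
                expected.encode(), str(code).encode()):
            return "denied"
        self.review_queue.append((user, action, args))
        return "pending_human_review"

    def approve(self, index=0):
        # Called from a human reviewer's console, never exposed as a model tool.
        user, action, args = self.review_queue.pop(index)
        if action == "change_email":
            self.accounts[user].email_on_file = args["new_email"]
        return "applied"
```

Whatever the chat says, the model can only call `request` and `confirm`; the state change happens in `approve`, which stays outside the model's tool set.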