June 9, 2026 | Policy Brief
Pro-Iran Hackers Outsmart Meta AI Chatbot, Access High-Profile Accounts
Hackers are coming after those friendly, cheerful chatbots used in customer support roles almost everywhere, and the first week of June told the tale. Attackers used a series of basic questions to exploit Meta’s AI support chatbot, persuading it to give them control of high-profile accounts, which they then used to disseminate pro-Iranian content. Despite Meta’s claims to have resolved the issue, users continued to report hacking attempts.
Allowing AI chatbots to make changes to sensitive account data, such as passwords or affiliated email accounts, creates an easy path for attackers. In this case, there were no complex tricks involved — attackers simply asked the chatbot repeatedly to change the account information until it complied. This is one of the first examples of widespread and successful account targeting using AI chatbots — but it will not be the last.
Hackers Often Pick High-Profile Targets
High-profile accounts are especially likely targets for actors seeking to conduct influence operations, gather intelligence, or undermine public trust. While the out-of-character posts on the compromised accounts were easy to spot in this case, attackers could use similar means to access accounts and post content with subtle but harmful messages seeking to influence public opinion or undermine trusted communications from leaders.
Attackers accessed the official Obama White House Instagram account and posted pro-Iranian content, including changing the bio section to read “The White House is under Shiites’ control” in Arabic. They also accessed the account of the chief master sergeant of the U.S. Space Force, posting content featuring audio clips from the Vietnam War aimed at demoralizing American troops and captioning the clips with claims that U.S. troops in the Middle East would face the same fate as those killed in Vietnam.
AI Customer Support Chatbots Are Easy Pickings
Meta and other companies are increasingly using AI chatbots to provide customer support and account management to accelerate historically slow account recovery methods and to reduce costs. However, the tools that help users when they forget their passwords represent attractive targets for adversaries because they serve as the main gateway to account settings and security controls.
Instructions on manipulating Meta’s chatbot circulated online. The technique involved identifying a target account, using a virtual private network to mimic the victim’s location, initiating a password reset, and persuading Meta’s AI support assistant to link the account to a new email address. This allowed hackers to gain control of accounts without ever obtaining the victim’s password or any secure account information.
Companies and Users Should Adapt to Attackers’ Strategies
To prevent their accounts from falling victim to attacks through chatbots, users should enable multifactor authentication (MFA), which many platforms do not require despite recommendations from the Cybersecurity and Infrastructure Security Agency. Studies demonstrate the added challenge that MFA poses to attackers — the hackers who gained control of Meta accounts were unable to enter accounts that had MFA enabled. Platforms should make MFA the default and regularly encourage users to turn these settings on.
Companies bear a larger burden — they should work to anticipate risks associated with their services. AI systems should only be able to access the minimum information needed to operate and should not have the ability to modify sensitive account data and backend information without a user already being logged in. Platforms should rely on multiple sources of identity verification beyond geographic location, including device-specific data and past user behavior, and should flag anomalous activity. Additionally, when unusual behavior is flagged, systems should transfer interactions to trained human personnel for review. Human oversight may be able to identify adversarial tactics that automated systems are unable to detect. Companies should also act quickly to mitigate exposed vulnerabilities — as Meta did by patching the exposed flaw.
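The sketch below is an added illustration, not Meta's code and not part of the original brief. It expresses the controls described above as a deterministic gate that sits outside the chatbot, so the assistant's willingness to comply never decides the outcome. The action names, signal fields and refusal threshold are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical names for tool calls that change who controls an account.
SENSITIVE_ACTIONS = {"change_email", "change_password"}
MAX_REFUSALS = 2  # assumed threshold before a human takes over


@dataclass(frozen=True)
class Signals:
    session_authenticated: bool  # requester is already logged in
    location_matches: bool       # IP/geo resembles the owner (spoofable via VPN)
    device_known: bool           # device previously seen on this account
    behavior_consistent: bool    # request fits past user behavior


class SupportGate:
    """Authorizes tool calls the support assistant asks to make."""

    def __init__(self):
        self.refusals = defaultdict(int)  # refusal count per conversation

    def decide(self, conversation_id: str, action: str, s: Signals) -> str:
        if action not in SENSITIVE_ACTIONS:
            return "allow"
        # Asking again after refusals is itself anomalous: stop answering
        # automatically and route the conversation to trained staff.
        if self.refusals[conversation_id] >= MAX_REFUSALS:
            return "escalate"
        # Location is only one signal; all of them must agree.
        if (s.session_authenticated and s.location_matches
                and s.device_known and s.behavior_consistent):
            return "allow"
        self.refusals[conversation_id] += 1
        # Logged-out requesters are refused outright; logged-in requesters
        # with mismatched signals go to human review.
        return "escalate" if s.session_authenticated else "deny"


def replay_reported_pattern() -> list:
    """Constructed scenario: logged-out requester whose location matches,
    on an unknown device, asks three times to link a new email address."""
    gate = SupportGate()
    spoofed = Signals(False, True, False, False)
    return [gate.decide("conv-1", "change_email", spoofed) for _ in range(3)]


if __name__ == "__main__":
    print(replay_reported_pattern())
```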
Without these safeguards, state and nonstate actors will continue exploiting chatbots, turning tools designed for efficiency into pathways for influence operations and broader security concerns.
Sophie McDowall is a research associate for the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD), where Nidhi Ummettala is an intern. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.