Meta’s AI Bot Stolen Accounts—Know the Reality of a $5 Attack Cost Before Relying on AI for Customer Support
Attack Cost of $5, Damage Amounts in the Millions: AI Support Vulnerabilities are Being Targeted
Meta’s AI support bot has been exploited by hackers to steal Instagram accounts.
The method is surprisingly simple. By using a VPN to spoof their location, attackers gain access to Meta’s AI chatbot. They request a password reset and even manage to change the registered email address. While a human support representative would likely question, “Are you really the account owner?” the AI bot processes these requests without hesitation.
This technique has been shared in Telegram groups with accompanying videos, making it easily reproducible. The only requirement for the attack is a VPN subscription costing about $5 per month. With that, even official accounts like Barack Obama’s White House account and those of U.S. Space Force officials have become targets.
The crux of the issue is this: AI is merely “processing” rather than “judging.”
This is not just a concern for large corporations but also for small and medium-sized enterprises (SMEs) that are increasingly adopting “AI customer support.”
Why the AI Bot Was Deceived: A Structural Problem
Traditional human customer support has the ability to detect “anomalies” that are not covered in manuals. Tone of voice, unnatural questions, and contradictions with past inquiry histories can all raise red flags. Experienced operators can pause and think, “This seems off.”
AI bots lack this capability.
In the case of Meta, the AI executed the following process without question:
- Accepted a user request for “forgot password”
- Verified part of the registered information as identification (which is inherently weak)
- Processed the request to change the email address
- Sent a reset link to the new email address
In other words, the AI was only monitoring whether the “correct procedures were being followed.” It did not consider whether the person following those procedures was the actual account owner.
This reveals a structural vulnerability. AI support is implemented for the sake of “efficiency.” It can reduce inquiry response costs from 500,000 yen to 50,000 yen per month. However, many companies fail to realize that the reduction in cost also diminishes the depth of judgment.
Cost of Attacks vs. Cost of Damage: An Asymmetry in Numbers
The terrifying aspect of this incident lies in the cost disparity between attackers and defenders.
Attackers’ Costs:
- VPN service: $5 to $10 per month (approximately 750 to 1,500 yen)
- Information on methods via Telegram: Free
- Time required: A few minutes per account
- Technical skills: Almost none required
Victims’ Costs (Estimated for SMEs):
- Labor and expert costs for account recovery: 100,000 to 500,000 yen
- Lost sales opportunities during recovery (suspension of sales via social media): Equivalent to several days to weeks of daily sales
- Apologies and measures to restore customer trust: 200,000 to 1,000,000 yen
- Long-term sales decline due to brand damage: 5% to 15% of annual sales
Assuming a small business with monthly sales of 1,000,000 yen derives 30% of its revenue from Instagram, if their account is stolen and not recovered for two weeks, that results in a direct loss of about 150,000 yen. Furthermore, if rumors spread that “that company has been hacked,” customer attrition could lead to losses of 500,000 to 1,500,000 yen annually.
Against the attackers’ cost of 750 yen, the damage amounts to hundreds of thousands to millions of yen. The cost ratio exceeds 1 to 1,000. This asymmetry is why attacks targeting AI support vulnerabilities are likely to increase in the future.
By the way, stolen high-profile accounts are traded in the gray market for tens of thousands to hundreds of thousands of dollars (millions to tens of millions of yen). For attackers, it has become a “business” where a 750 yen investment can yield returns in the hundreds of thousands of yen.
If SMEs Are to Implement AI Support, They Must Focus on This
This is not to say, “Do not implement AI support.” Continuing to rely on humans for customer inquiries at a cost of 500,000 yen per month is not realistic for SMEs. If AI can reduce that to 50,000 yen, it is a sound decision.
The problem lies in the lack of clarity on “what to delegate to AI and what not to.”
Here are three specific measures that can be implemented starting today:
1. Do Not Allow AI to Handle “Change-Related” Operations
Password resets, email address changes, and payment information updates—these are operations that pertain to “account ownership.” Meta’s failure was allowing these operations to be completed solely by AI.
The countermeasure is simple. Whenever a change-related operation occurs, always involve human verification. Alternatively, make two-factor authentication mandatory, ensuring that AI does not complete the process on its own.
AI should be tasked with read-only responses such as answering frequently asked questions, checking order statuses, and providing business hours. Do not grant write permissions. This alone can significantly reduce risks.
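One way to enforce the split described above in code: a deny-by-default routing policy in which only listed read-only intents are answered by the bot, and any change-related intent is either pushed through a second factor or handed to a human. This is an added illustrative example, not Meta's code; the intent names, the `SupportRequest` shape and the decision set are assumptions.

```python
"""Policy gate for an AI support bot: read-only intents are answered
automatically; anything touching account ownership is never completed
by the bot alone.  Illustrative example; intent names are assumptions."""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    AUTO_ANSWER = "auto_answer"    # bot replies with read-only data
    REQUIRE_2FA = "require_2fa"    # bot may only start the 2FA step-up
    ALLOW_CHANGE = "allow_change"  # change proceeds; second factor already done
    HUMAN_REVIEW = "human_review"  # hand off to a human operator
    DENY = "deny"                  # unlisted intent: deny by default


# Explicit allowlist of read-only intents the bot may handle on its own.
READ_ONLY_INTENTS = {"faq", "order_status", "business_hours"}

# Change-related intents that touch account ownership or money; these are
# the operations the article says the Meta bot completed unassisted.
CHANGE_INTENTS = {"password_reset", "email_change", "payment_update"}


@dataclass
class SupportRequest:
    intent: str
    account_id: str
    second_factor_verified: bool = False  # set by the 2FA flow, never by the bot


def route(req: SupportRequest) -> Decision:
    """Return what the bot is allowed to do with this request."""
    if req.intent in READ_ONLY_INTENTS:
        return Decision.AUTO_ANSWER
    if req.intent in CHANGE_INTENTS:
        # Changing the registered email re-targets every later reset link,
        # so it always goes to a human, even after a successful second factor.
        if req.intent == "email_change":
            return Decision.HUMAN_REVIEW
        # Other changes proceed only once the second factor was completed
        # outside the chat; until then the bot may only start that flow.
        if req.second_factor_verified:
            return Decision.ALLOW_CHANGE
        return Decision.REQUIRE_2FA
    # Anything not on either list is refused rather than guessed at.
    return Decision.DENY
```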
2. Review the Logs of “What AI Did” Daily
Many SMEs that have implemented AI support tend to “neglect” it after deployment. No one is monitoring how many inquiries the AI has handled or what types of requests it has processed.
This is dangerous. Attackers often test the AI’s behavior with small requests initially. If you can catch this at that stage, you can prevent damage.
Spend five minutes every morning reviewing the AI’s response logs. Set alerts for unusual request patterns (such as large access volumes at midnight or repeated actions from the same IP). A monitoring tool costing a few thousand yen per month is sufficient to handle this.
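The two alert conditions mentioned above (repeated actions from the same IP, and bursts of activity at night) as detection logic run over a few constructed AI-support log lines. This is an added example, not the page's or any vendor's code; the log format, the field names and the thresholds are assumptions, and the sample IPs are RFC 5737 test addresses.

```python
"""Daily review of AI support logs: flag one IP driving change-related
requests against many accounts, and bursts of such requests at night.
Illustrative example; log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime

CHANGE_INTENTS = {"password_reset", "email_change", "payment_update"}

# Constructed sample lines (test-net addresses), not real traffic.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z ip=198.51.100.4 account=shop_a intent=order_status
2024-05-01T02:01:10Z ip=203.0.113.7 account=shop_a intent=password_reset
2024-05-01T02:03:44Z ip=203.0.113.7 account=shop_b intent=email_change
2024-05-01T02:05:21Z ip=203.0.113.7 account=shop_c intent=password_reset
2024-05-01T02:09:58Z ip=203.0.113.7 account=shop_d intent=email_change
2024-05-01T14:30:00Z ip=198.51.100.9 account=shop_e intent=password_reset
"""


def parse(line: str) -> dict:
    """Turn 'TIMESTAMP key=value ...' into a dict with a parsed timestamp."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    # Timestamps are assumed to be in the business's local time zone, so the
    # night window below matches what the operator means by "midnight".
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_alerts(log_text: str, max_accounts_per_ip: int = 2,
                night_hours=range(0, 6), night_threshold: int = 3) -> list:
    """Return human-readable alerts for the two patterns in the text."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    changes = [r for r in records if r["intent"] in CHANGE_INTENTS]
    alerts = []
    # Rule 1: one IP issuing change requests for many different accounts.
    accounts_by_ip = defaultdict(set)
    for r in changes:
        accounts_by_ip[r["ip"]].add(r["account"])
    for ip, accts in sorted(accounts_by_ip.items()):
        if len(accts) > max_accounts_per_ip:
            alerts.append(f"ip {ip} requested changes on {len(accts)} "
                          f"accounts: {sorted(accts)}")
    # Rule 2: a burst of change requests inside the night window.
    night = [r for r in changes if r["ts"].hour in night_hours]
    if len(night) >= night_threshold:
        alerts.append(f"{len(night)} change requests between 00:00 and 05:59")
    return alerts
```

Read-only intents such as `order_status` are ignored by both rules, so a busy but harmless day does not page anyone.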
3. Calculate the Costs of the “Worst-Case Scenario” in Advance
While cost savings from AI implementation are often detailed in proposals, the potential costs incurred when an attack occurs are rarely mentioned.
Calculate this in advance. If your company’s social media account is hacked, how much will it impact sales? If customer data is leaked, how much will it cost to respond? Once you have those figures, the appropriate level of investment in security measures follows from them.
Implementing AI support at 50,000 yen can save 450,000 yen monthly. However, if an account takeover occurs even once a year, it could lead to a loss of 1,000,000 yen. In that case, a security monitoring service costing 10,000 yen per month is not a “cost” but an “insurance.” Being able to make this calculation is crucial.
The Real Risk Is Not That “AI Becomes Smarter” but That “Attacks Become Cheaper”
Finally, let’s summarize the key point to take away from this incident.
The performance improvement of AI support itself is not a risk. The risk lies in the dramatically reduced cost of attacks.
In the past, account takeovers required the construction of phishing sites, social engineering skills, and the collection of personal information about targets, all of which involved time and cost. Now, this has been compressed to a VPN cost of 750 yen and a few minutes of work.
Moreover, this method is shared in videos, allowing even those without technical skills to replicate it. We are witnessing the democratization of attacks.
SMEs often think, “We are too small to be targeted,” but as the cost of attacks decreases, even small targets become “worth it.” An account belonging to a company with monthly sales of 1,000,000 yen can be stolen and resold for several thousand yen. This presents a sufficient return against an attack cost of 750 yen.
If you implement AI, calculate costs from the attacker’s perspective. How much would it cost to attack your company? If that amount is decreasing, it’s time to increase your spending on defense.
AI support can become a weapon for SMEs. However, weapons require safety mechanisms. Wielding them without safety measures can lead to self-harm. It is not the time to feel secure with a system that can be breached for 750 yen while investing 50,000 yen monthly.