How hackers used Meta AI flaw to hijack Instagram accounts
What's the story
Several Instagram users have reported losing access to their accounts after hackers exploited a vulnerability in Meta's AI-powered support assistant. The issue was first highlighted over the weekend when several users claimed that their Instagram accounts had been hijacked. According to TechCrunch, the problem stemmed from hackers manipulating Meta's chatbot into helping them reset passwords and take control of various Instagram accounts.
Targeted profiles
Hackers took over several high-profile accounts
The security flaw affected several high-profile Instagram accounts, including the official page of the Obama-era White House and US Space Force Chief Master Sergeant John Bentivegna. Security researcher Jane Wong also claimed that her account was taken over without her permission. She said she received multiple unexpected password reset attempts before losing access to her profile entirely.
Modus operandi
Hackers manipulated Meta's AI support assistant
A video shared by X account Dark Web Informer revealed how hackers exploited Meta's AI Support Assistant. By using a VPN to spoof the victim's location, the attackers tricked the AI into adding a new email address to the target account. The AI assistant then sent a verification code directly to the hacker, who used it to change the password and permanently lock out the original owner.
Resolution
Instagram has fixed the issue
In response to the reports of compromised accounts, Instagram spokesperson Andy Stone confirmed that the company has fixed the issue. However, Meta has not revealed how many users were affected by this security flaw before it was patched. The incident underscores the potential risks of AI technology in cyberattacks if proper safeguards are not implemented.