Instagram warns users after hackers exploit chatbot to access accounts
What's the story
Instagram is warning users whose accounts may have been compromised during a recent hacking campaign. The attack involved hackers using Meta's AI support chatbot to take control of several high-profile Instagram accounts. Despite Meta's claim that the issue had been fixed, many users continued to report account hacks over the weekend. Some of these victims had desirable short user-profile handles, which are often resold on a gray market for "OG handles."
Hacking method
Hackers tricked the AI chatbot into linking email addresses
The hackers merely told Meta's AI chatbot that they were the owners of the target account and requested it to link that person's account with an email they controlled. The chatbot complied, letting the hacker reset the target account's password and take control of it. In some cases, this even locked out victims from their own accounts. Notably, no Meta employees or contractors were involved in these chats.
Company action
Instagram is alerting users of unauthorized access attempts
In response to the attack, Meta secured affected accounts on Monday and began sending password reset emails. The company has also started alerting users that they were targeted by the hackers. Victims have publicly shared emails from Instagram warning them of "suspicious activity that suggests your Instagram may have been compromised." The message added that steps had been taken to secure their account and prompted them to reset their password.
AI implications
Meta introduced an AI-powered chatbot in March
Meta had announced in March that it was deploying AI to automate user support. The company said the AI-powered chatbot was "designed to resolve account issues from start to finish," and could "reset your password securely." This indicates that the chatbot can perform tasks that may have previously required human intervention, given their importance.