Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
Hackers used Meta’s AI support bot to reset passwords and seize high-value handles, with some stolen accounts quickly sold on Telegram.
- Meta has rushed to patch a critical security vulnerability in its AI support assistant after hackers discovered a surprisingly simple way to manipulate the chatbot into handing over control of premium Instagram accounts.
- The exploit allowed attackers to hijack high-profile handles by simply asking the AI bot to change the account's registered email address, bypassing the need to hack the victim’s actual phone or email inbox.
- Cybercriminals successfully used VPNs to mimic the geographic location of their targets, satisfying regional automated security checks before prompting the chatbot to send a verification code and password-reset link to an attacker-controlled inbox.
- A wave of high-value and celebrity handles were compromised over the weekend, including the inactive Obama-era White House Instagram page, beauty retailer Sephora, and the personal account of US Space Force Chief Master Sergeant John Bentivegna.
- The security lapse sparked immediate backlash from tech researchers, who criticized Meta for replacing human trust-and-safety teams with automated, easily fooled AI support bots following a series of corporate layoffs.
116 Articles
116 Articles
Instagram starts warning users after Meta AI vulnerability enabled account takeovers
Instagram is sounding the alarm after a major security slip involving Meta AI put user accounts at risk. Last week, word spread that hackers took advantage of a flaw in Meta’s AI-powered support system to let them hijack Instagram profiles. Meta said that they have closed the loophole, but it’s not just business as usual. The company is reaching out directly to people caught up in this mess, pushing them to lock down their accounts fast. How the…
For months, alerts have been issued about AI's potential in the world of online attacks. That's exactly why a serious security problem came from Meta and Instagram. It was enough for the attackers...
Hackers took control of Instagram accounts by exploiting a surprising flaw: Meta's own assistance robot. The method, revealed on June 1 by the US specialized website 404 Media and confirmed by several cybersecurity experts including Krebs on Security, is a formidable simplicity. With a VPN to make their connection appear as coming from the same geographical area as the owner of the targeted account, the hackers then claimed to the chatbot to be …
TechCrunch
Instagram is alerting users who were targeted by hackers during AI chatbot attacks
Hackers appeared to take over victims’ accounts even after Meta said it fixed its AI-powered support chatbot, which granted hackers access to victims’ accounts.
Whoops: Hackers Simply Had To Ask Meta ‘AI’ For Access To High Profile Instagram Accounts
404 Media reports that hackers were simply able to ask Meta AI for access to high-profile Instagram accounts, and the AI agent simply… well… obliged: “Hackers say that they used Meta’s AI support chatbot to break into a host of high-profile Instagram profiles by asking the support bot to change the email address associated with the target account. The claims coincide with a series of high-profile Instagram account takeovers, including the Barac…
All we needed was a VPN: the company, which focuses heavily on artificial intelligence, fixed the problem after some remarkable cases
Coverage Details
Bias Distribution
- 41% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
