Meta AI chatbot tricked by hackers to get access of high-profile Instagram accounts

Advertisement

Meta’s AI-powered support chatbot was reportedly tricked by hackers into helping them take over several high-profile Instagram accounts.

Hackers were able to commandeer multiple highly visible accounts, including the Obama-era White House Instagram page, the Sephora brand page, and the official page for a senior U.S. Space Force member by deceiving Meta’s AI-powered account support chatbot into adding an email controlled by the hackers to the targeted accounts, reports have revealed.

The attackers bypassed traditional malware and phishing attempts by sending finely worded instructions to Instagram’s AI Support Assistant in an effort to trick the bot into transferring access to a user’s Instagram account to a specific email address under their control.

According to security researchers, once the chatbot confirmed the request and transmitted a verification code to the attacker-controlled email account, the hackers could utilize the code to reset the target’s password.

Advertisement

The vulnerability was initially exposed by security researchers ZachXBT and Dark Web Informer and subsequently gained prominence when several users on Reddit, X (formerly Twitter) and Telegram began detailing experiences with similar account hijacks.

A Meta spokesperson stated “We have addressed the security vulnerability that allowed unauthorized account access on Instagram and are continuing to secure the affected accounts”

The situation has been fixed but no information was given regarding the number of accounts that may have been compromised in the incident.

Also Read: Samsung Galaxy A54 Receives One UI 8.5 Update, But Not In India

Advertisement