Meta AI is reportedly allowing hackers to gain access to major Instagram accounts

Meta – the parent company of Facebook, Instagram, and WhatsApp – continues to integrate AI across its entire ecosystem. Unfortunately, it seems that the company overlooked a major flaw: Meta’s AI support chatbot can apparently be tricked into giving unauthorized users login access to any Instagram account.

In the past few days, many of the most followed Instagram accounts have been hacked. The Obama White House Instagram account, with 2.4 million followers, was compromised and posted a caption on Sunday that said: “The White House is under Shiite control.” Other accounts, such as the official Instagram account of Master Chief Air Force Sergeant, were also broken into.

Soon after, social media sleuths started sharing news of these hacked accounts, along with screenshots showing the method suspected of being used to take them over.

Hackers say they used a technique that tricked Meta’s AI support chatbot into simply providing account access. A bad actor can simply tell the AI chatbot that they need to reset the password of the target Instagram account. However, the hacker also tells the chatbot that they need the password reset email, which includes a verification code to change the password, sent to a new email address.

The email address, of course, belongs to the criminals, not the true account owner. The chatbot will apparently oblige the criminal’s request and provide them with a page to reset the account’s password.

In fact, hackers have been using a well-known social engineering tactic against AI chatbots.

Some screenshots of the process came from Telegram channels where hackers sell their wares on the black market. Some screenshots were taken by users who said they were able to replicate the hack.

This vulnerability is particularly concerning because there is nothing the owners of the targeted Instagram accounts can do to prevent it. The AI chatbot appeared to bypass two-factor authentication to comply with the hacker’s requests.
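The failure described above, a support assistant sending a reset code to an address the requester supplies and skipping the second factor, is prevented when the decision is enforced in code outside the chatbot. The sketch below is an added example, not Meta's code and not from the original article; the tool names, the `Account` and `Session` fields, and the sample addresses are hypothetical and constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Account:  # hypothetical record; sample data is constructed
    handle: str
    verified_contacts: frozenset
    mfa_enabled: bool

@dataclass
class Session:
    # Set only by server-side authentication code, never from chat text.
    authenticated_as: Optional[str] = None
    mfa_passed: bool = False

def authorize_tool_call(tool: str, args: dict, acct: Account, sess: Session):
    """Decide whether a tool call proposed by the assistant may run."""
    if tool == "send_reset_code":
        # Reset codes go only to contact points already verified on the account.
        if args.get("destination", "").lower() not in acct.verified_contacts:
            return False, "destination is not a verified contact on file"
        return True, "ok"
    if tool == "add_contact":
        # Adding an email is an account change: require an owner session,
        # plus the second factor when the account has one enrolled.
        if sess.authenticated_as != acct.handle:
            return False, "requester is not authenticated as the account owner"
        if acct.mfa_enabled and not sess.mfa_passed:
            return False, "second factor required"
        return True, "ok"
    return False, "tool not on allowlist"  # default deny

def demo():
    acct = Account("example_brand", frozenset({"owner@example.com"}), True)
    anon = Session()
    owner = Session(authenticated_as="example_brand", mfa_passed=True)
    calls = [
        ("send_reset_code", {"destination": "new-address@example.net"}, anon),
        ("add_contact", {"email": "new-address@example.net"}, anon),
        ("send_reset_code", {"destination": "owner@example.com"}, anon),
        ("add_contact", {"email": "backup@example.com"}, owner),
        ("disable_mfa", {}, owner),
    ]
    return [authorize_tool_call(t, a, acct, s) for t, a, s in calls]

if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

Because the check reads only server-side account and session state, nothing the requester types into the chat can change its outcome.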

As news of the hacked accounts surfaced on social media, Meta appears to have acknowledged and addressed the vulnerability.

Mashable has contacted Meta about the incident, and we’ll update this story if we get more information. However, on social media, Meta VP of communications Andy Stone appeared to acknowledge the exploitation of Meta AI support.

“This issue has been resolved and we are recovering the affected accounts,” Stone said in a reply to a user on X.

It is unclear how many accounts were affected by this exploit.


