Meta's AI support chatbot tricked into handing over Instagram accounts to hackers
By Danny Bradbury
Summary
Meta's AI-powered customer support chatbot was exploited by hackers who tricked it into handing over control of Instagram accounts. By opening support chats and claiming to be locked out of accounts they didn't own, attackers convinced the bot to change recovery email addresses, giving them full access. The vulnerability led to the takeover of high-profile accounts including the dormant Obama White House account, beauty retailer Sephora, and a US Space Force official's account, which were briefly defaced with pro-Iranian content. Meta pushed an emergency patch over the weekend to address the flaw.
Key quotes
Customer service chatbots have one job: get the user what they're asking for without bothering a human. Meta's new AI support assistant took that brief a little too seriously.
Over the past few months, attackers have been opening support chats, telling the bot they were locked out of Instagram accounts they didn't own, and walking away with the keys.
Over the weekend, Meta pushed an emergency patch after Instagram accounts belonging to the Obama White House (now dormant), beauty retailer Sephora, and a senior US Space Force official were taken over and briefly defaced with pro-Iranian content.