Meta’s Own AI Was Exploited to Hijack Instagram Accounts Hackers exploited Meta’s AI support chatbot to hijack Instagram accounts by requesting a change in the associated email address and resetting the password. This vulnerability, which Meta claims has been patched, affected several high-profile accounts, including the @obamawhitehouse account. Security researcher Jane Manchun Wong also reported her account was taken over through similar means, highlighting potential issues stemming from layoffs impacting Instagram’s trust and safety teams and an over-reliance on AI tools.

• Hackers used Meta’s AI support chatbot to hijack Instagram accounts by requesting an email address change.
• The AI assistant sent a verification code to the hacker, allowing them to set a new password and lock out the original owner.
• The vulnerability was exploited around the time the @obamawhitehouse Instagram account was hacked, along with accounts belonging to the US Space Force Chief Master Sergeant and Sephora.
• Hackers targeted high-value usernames, such as single letters or words.
• Security researcher Jane Manchun Wong reported her account was taken over.
• Meta stated the issue has been resolved and impacted accounts are being secured.
• Reports suggest layoffs have significantly depleted Instagram’s trust and safety teams, potentially contributing to security vulnerabilities.
• There are suggestions that an excessive focus on using AI for everything, without adequate security incentives, played a role. Continue reading https://www.theverge.com/tech/941179/meta-instagram-ai-support-chatbot-exploit-hacked