Hackers hijacked Instagram accounts by asking Meta's own AI chatbot to reset the password

Hackers tricked Meta’s AI support chatbot into adding their email to victims’ Instagram accounts and resetting passwords. No victim email access needed.
Hackers exploited a flaw in Meta’s AI support chatbot to gain unauthorized access to Instagram accounts. By tricking the AI into adding a new email and resetting the password, attackers could take over accounts without needing the victim’s email. This incident highlights the risks of deploying AI with account-level permissions and is part of a pattern of recent high-profile AI deployment failures.

  • Hackers compromised Instagram accounts by tricking Meta’s AI support chatbot.
  • The attack did not require access to the victim’s email, phishing, or malware.
  • Attackers used a VPN to spoof location and then prompted the chatbot to add a new email and reset the password.
  • The AI chatbot sent a verification code to the hacker’s email, which was then used to complete the takeover.
  • Compromised accounts included the Obama-era White House Instagram handle and US Space Force Chief Master Sergeant John Bentivegna’s account.
  • The vulnerability stemmed from the AI chatbot not verifying the identity of the user asking for account changes.
  • This incident is a case study in the dangers of AI chatbots with account management permissions.
  • This is the third significant AI deployment failure reported in a single week, following issues with Starbucks and Waymo systems.

Continue reading: https://thenextweb.com/news/hackers-tricked-meta-ai-chatbot-instagram-account-hijack
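The missing identity check described above, as an added example that is not code from Meta or from the original article: a hypothetical support-agent tool that sends the verification code to the address named in the chat, beside a version that challenges only contacts already on file. All names (`Account`, `Outbox`, `start_email_change`, `confirm_email_change`) and addresses are constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    handle: str
    verified_emails: set  # contacts proven before this chat session
    pending: dict = field(default_factory=dict)  # new_email -> [code, tries left]

class Outbox:
    """Constructed stand-in for a mail sender; records (recipient, code)."""
    def __init__(self):
        self.sent = []
    def send(self, to, code):
        self.sent.append((to, code))

def _issue(acct, new_email):
    code = f"{secrets.randbelow(10**6):06d}"
    acct.pending[new_email] = [code, 3]
    return code

def start_email_change_unsafe(acct, new_email, outbox):
    """Flaw as reported: the code goes to the address named in the chat."""
    outbox.send(new_email, _issue(acct, new_email))
    return "challenge_sent"

def start_email_change(acct, new_email, outbox):
    """Hardened: challenge only contacts already on file, never the new one."""
    if not acct.verified_emails:
        return "escalate_to_human"  # no trusted channel, so no automated change
    code = _issue(acct, new_email)
    for addr in sorted(acct.verified_emails):
        outbox.send(addr, code)
    return "challenge_sent"

def confirm_email_change(acct, new_email, code):
    """Attach new_email only after the on-file owner returns the code."""
    entry = acct.pending.get(new_email)
    if entry is None:
        return False
    entry[1] -= 1
    ok = hmac.compare_digest(entry[0], code)
    if ok or entry[1] <= 0:
        del acct.pending[new_email]  # single use, and locked after 3 misses
    if ok:
        acct.verified_emails.add(new_email)
    return ok
```

The gate lives in the tool, not in the chatbot's prompt, so no wording of the request can change where the code is delivered.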