Meta’s AI-powered support chatbot was reportedly exploited by hackers to take over Instagram accounts, according to 404 Media.

In a video shared on Telegram, a hacker demonstrated how they could hijack an account by asking Meta’s chatbot to change the email address linked to someone else’s Instagram profile and then reset the password.

Meta says the issue has now been fixed, but it appeared around the same time Barack Obama’s White House Instagram account was hacked. On Sunday, users noticed that the @obamawhitehouse account had started posting images with Iranian propaganda. According to 404 Media, hackers also appeared to take control of Instagram accounts belonging to the US Space Force Chief Master Sergeant and beauty retailer Sephora.

Meta introduced its AI support assistant in March to help users with tasks such as resetting passwords, setting up two-factor authentication, and recovering account access. But the Telegram video showed that a hacker was able to simply ask the chatbot to link a new email address to an account. The AI assistant then sent a verification code to the hacker, which could be used to confirm the new email address and set a fresh password, locking out the real account owner.

READ
Canvas Breach Raises Fresh Concerns Over Digital Security In Education

Some attackers reportedly used VPNs to make it look like they were contacting Meta support from the same location as their targets. The hackers appeared to focus on valuable Instagram usernames, including short or rare handles made up of a single letter or common word, such as “h” or “eggs.”

Security researcher and reverse engineer Jane Manchun Wong also said her Instagram account was taken over. In a post on X, she said her password was changed without her knowledge and that she received several password reset attempts throughout the day. She also said she was repeatedly logged out of the Instagram iOS app.


Buy ExpressVPN with PayPal or Credit Card
Advertisement