Hackers used Meta’s AI-powered support chatbot as their weapon of choice to gain control of high-profile Instagram accounts before Instagram resolved the issue
Just as more companies turn to AI, hackers have exploited the loophole of AI-powered chatbots. Over the weekend, hackers infiltrated Meta’s customer support system and took control of several Instagram accounts by convincing the chatbot to do their work for them.
Hackers used AI support to replace an account’s registered email address with one they controlled. As soon as the change was approved and updated to the account, hackers could request password reset codes and lock the actual users out of their accounts. Instagram accounts lacking multi-factor authentication seemed to have been the most vulnerable.
Security researchers from tech outlets like The Verge, TechCrunch and others reported that the hackers turned Meta’s automated support tools into an unlikely weapon that has caused quite a bit of damage.
A hacker from the incident posted a video that is now circulating on X, which shows them actively breaching an account by telling Meta’s AI assistant to update account information before receiving verification codes linked to the new email address. After the hacker correctly inputs the number, a button is displayed that will reset the password of the targeted account.
Several accounts were compromised by hackers, including an Instagram page associated with former U.S. President Barack Obama, which briefly displayed posts containing Iranian propaganda during the breach, according to The Verge. Other reported victims include beauty retailer Sephora, U.S. Space Force Chief Master Sergeant John Bentivegna and security researcher Jane Manchun Wong, who took to X to confirm she’d been hacked.
The issue has since been resolved and impacted accounts have been secured, according to Meta spokesperson Andy Stone via X. However, the breach is cause for concern about relinquishing control to AI customer service systems that are in charge of sensitive account recovery functions.
It’s still unclear how many Instagram accounts were taken over aside from those previously mentioned before Meta could secure their platform.
Meta has been restructuring its workers’ jobs around AI and increasing the rollout of AI features across its platforms, with the AI support assistant used in the cyberattack having been released globally on Facebook and Instagram earlier this year.
Scroll to continue reading
Data breaches like this can be averted by users who enable multi-factor authentication, say cybersecurity experts, who suggest it is one of the most effective ways to prevent account takeovers.
The hack was not a supervillain-level, elaborate plan; hackers did not need to deploy sophisticated malware or advanced hacking techniques because all they had to do was trick the system into doing the work for them.
Click Here For The Original Source.
