Instagram Security Flaw That Allowed Hackers to Hijack Accounts Through AI Support Assistant Vulnerability
Meta confirmed an Instagram security flaw where hackers exploited its AI support chatbot to hijack accounts, raising concerns over AI security risks, Instagram account hacks, cyber threats, and weaknesses in automated account recovery systems.
A major security flaw at Meta recently highlighted new concerns about AI-powered customer support systems, with hackers allegedly exploiting a vulnerability in Instagram's AI help assistant to take over user accounts. The problem affected both average users and high-profile accounts, drawing further attention to Instagram's expanding security vulnerabilities.
According to reports, attackers found a way to exploit Meta's AI-powered support chatbot and bypass standard account recovery procedures. The issue apparently enabled hackers to reset passwords and link new email addresses to Instagram accounts without requiring access to the original email account. This resulted in several Instagram account hacks over the weekend.
Several well-known accounts were reportedly impacted, including the Obama-era White House archive account, beauty brand Sephora, and cybersecurity researcher Jane Manchun Wong. Wong shared on social media that her password was changed without permission and that she kept receiving password reset attempts while being logged out of her Instagram account.
Security experts demonstrated how the hack worked using videos and photos released online. According to the demonstrations, attackers initiated a dialog with Meta's AI support assistant, requesting account recovery adjustments. The chatbot then added a new email address, sent a verification code, and granted password reset access.
Experts believe the flaw stemmed from Meta's automated assistance system, which may not have properly verified account ownership prior to making essential account changes. Researchers also claimed that attackers used VPN services and proxy tools to appear to be accessing accounts from the same area as the legitimate users.
A Meta spokesperson stated that the company has patched the vulnerability and is currently working to safeguard affected accounts. However, the event sparked a broader conversation about AI security and the dangers of giving AI systems too much authority over critical account settings.
According to cybersecurity experts, AI customer support can improve the user experience, but inadequate identification checks might cause major issues. This recent Instagram security issue demonstrates that organizations must strike a balance between automation and tighter security procedures to protect user accounts from future cyber attacks.
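The ownership check described above can be enforced in code outside the assistant, so that a sensitive tool call runs only after a one-time code is confirmed at a contact already bound to the account. The sketch below is an added example, not code from Meta, NDTV or the researchers; the tool names, field names and sample data are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

SENSITIVE_ACTIONS = {"add_email", "reset_password"}  # hypothetical tool names

@dataclass
class Account:
    username: str
    verified_contacts: set  # contacts bound to the account before this conversation
    audit_log: list = field(default_factory=list)

@dataclass
class ToolCall:
    action: str
    target: Optional[str] = None             # e.g. the new e-mail address
    code_confirmed_at: Optional[str] = None  # contact where a one-time code was confirmed
    ip_region_matches: bool = False          # weak signal: a VPN or proxy can fake it

def authorize(account: Account, call: ToolCall) -> tuple:
    """Decide outside the model whether an assistant tool call may run."""
    if call.action not in SENSITIVE_ACTIONS:
        return True, "not sensitive"
    if call.code_confirmed_at in account.verified_contacts:
        return True, "ownership proven at existing contact"
    if call.code_confirmed_at is not None:
        return False, "code was confirmed at a contact not already on the account"
    return False, "no ownership proof; location match is not proof"

def execute(account: Account, call: ToolCall) -> bool:
    allowed, reason = authorize(account, call)
    # Record every decision, including denials, for later review.
    account.audit_log.append((call.action, call.target, allowed, reason))
    if allowed and call.action == "add_email":
        account.verified_contacts.add(call.target)
    return allowed

def demo() -> list:
    # Constructed sample data, not taken from the incident.
    acct = Account("example_user", {"owner@example.com"})
    calls = [
        ToolCall("add_email", "new@example.net", ip_region_matches=True),
        ToolCall("add_email", "new@example.net", code_confirmed_at="new@example.net"),
        ToolCall("reset_password", code_confirmed_at="new@example.net"),
        ToolCall("reset_password", code_confirmed_at="owner@example.com"),
    ]
    return [execute(acct, c) for c in calls]

if __name__ == "__main__":
    print(demo())
```

A code sent to the newly supplied address proves control of that address only, which is why the second and third calls are denied.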
This article is based on information from NDTV