News - Instagram's AI Chatbot Exploited in Account Hijacking Scandal

In a recent cybersecurity breach, Instagram addressed a critical vulnerability that allowed hackers to exploit Meta’s AI-powered support chatbot to commandeer users’ accounts. Over the weekend, multiple Reddit users reported account compromises, while numerous X platform users echoed similar intrusions. Notably, accounts such as the dormant Obama-era White House handle and U.S. Space Force’s Chief Master Sergeant John Bentinvegna were targeted. Security expert Jane Wong was also affected, experiencing unauthorized password changes and repeated reset attempts. A video circulated on X detailed the hacking process, highlighting the use of VPNs to spoof the account's geographical location, thereby circumventing Instagram's security protocols. The culprits then interacted with Meta’s AI Support Assistant, requesting an illicit email addition to the target account. Upon receiving and confirming the verification code via Meta’s chatbot, the hackers could reset the target's account password, facilitating unauthorized access. TechCrunch verified the hacker's correspondence, confirming receipt of the verification code. This exploit notably did not require the compromise of the legitimate email addresses linked to the affected Instagram accounts. Instagram's spokesperson, Andy Stone, confirmed the breach had been rectified as of Monday following Wong’s and other posts. However, the number of users affected remains unspecified. Meta has yet to provide additional comments upon TechCrunch's inquiry.