News - Hackers Exploit Meta AI to Take Over Instagram Accounts

A persistent hacking campaign has targeted Instagram users by exploiting Meta's AI-powered support chatbot, weeks after the company reported resolving the issue. This attack involved hackers falsely claiming to be account owners to the chatbot, which obligingly linked targets' Instagram accounts to hacker-controlled emails. This allowed hackers to reset passwords, thereby seizing control of the accounts. The campaign initially became prominent when numerous users, including high-profile figures, reported account breaches. The compromised accounts featured highly sought-after unique handles, often resold as 'OG handles' on underground markets. Targets included dormant accounts such as a previous Obama White House account, and military personnel accounts like those of the U.S. Space Force. Meta's response involved attempted lockdowns of hijacked accounts, alerts to impacted users, and reset protocols. Company spokesperson Andy Stone claimed the issue was fixed on Monday, despite following weekday reports indicating ongoing hacks. Additionally, chat logs show hackers exchanging techniques and selling accessed accounts. Initially unveiled in March, Meta's AI support service—expected to solve account issues—appears at the core of this vulnerability. The misuse questions the AI's oversight level, previously trusted for tasks necessitating human intervention. Historically, acquiring 'OG' handles required tactics such as phishing or insider bribery. The present scenario simply relies on the chatbot's willingness to trust unverified requests, placing Meta's security protocols under scrutiny. As of now, Meta remains vigilant, informing users of breaches while continuing to secure and reinforce defenses against this innovative exploit.