FACEPALM: Thanks to its ability to reset accounts, hackers recently tricked Meta's AI support chatbot into changing the email addresses associated with other users' Instagram accounts. While Meta says it has resolved the issue, the vulnerability represents a shocking oversight on the company's part.
According to Telegram chat logs uncovered by 404 Media, hackers had been exploiting Meta's AI support chatbot to hijack Instagram accounts since the company introduced it in March. The records coincide with account takeovers involving high-profile figures, including former President Barack Obama and Space Force chief John Bentivegna.
Meta introduced the chatbot to help users quickly resolve issues concerning accounts, content, and misinformation. The assistant, available 24/7, can handle many requests without users ever interacting with a human.
However, fully automating support required Meta to grant the AI sweeping powers, including the ability to automatically fulfill account reset requests. Ironically, the company's press release introducing the chatbot touts its ability to detect remote account hijacking attempts by monitoring for sudden activity from new locations, password changes, and profile edits.
