- Meta fixed a security flaw in its AI chatbot used to hack high-profile Instagram accounts
- Hackers exploited the AI by impersonating users and changing linked email addresses
- VPNs were used to bypass location checks and access victims' accounts via verification codes
Meta patched a prominent security exploit within its AI assistant chatbot that hackers used to break into high-profile Instagram accounts, such as former US President Barack Obama's White House account, beauty product retailer Sephora and the personal account of Chief Master Sergeant John Bentivegna of the US Space Force.
Hacker and security researcher communities on Telegram circulated footage and information regarding ways in which users could dupe the AI assistant into handing them control of others' social media accounts linked with Meta.
The methods that were documented seemed to be unexpectedly simple, with hackers simply impersonating the target user by mentioning their username to the AI chatbot. They would then say that they had changed their e-mail ID, sending in a different mail ID that they created. Meta's AI then sends the attacker a verification code to confirm the e-mail's authenticity and link it to the would-be victim's account. Once the account was linked to this e-mail via verification code, the hackers could change the account's password through an option provided by Meta and then take it over.
ALSO READ: Meta Rolls Out Facebook Plus, Instagram Plus, WhatsApp Plus — Check Pricing, Key Features
This exploit, according to reports, were enabled if the hackers used a virtual private network (VPN) to fool the AI into placing them in the same geographical location as the target, allowing them to bypass regional safeguards. These exploits were then shared on social media platform X, which led to attackers hacking into Instagram accounts with access to the victim's e-mail or phone number.
"This issue has been resolved and we are securing impacted accounts," Andy Stone, Meta's Vice President of Communications said in an X post.
Barack Obama's White House account, which hasn't been active since 2017 was hacked, with the account putting up AI-generated images as posts, with one of them captioned 'The White House is under Shiites' control', along with multiple unusual Instagram stories, according to a TMZ report.
Chief Master Sergeant of the Space Force John Bentivegna's account was similarly hacked, with attackers posting anti-US and pro-Iranian messaging on the account.
All the accounts were later restored by Meta.
ALSO READ: Meta To Lay Off 1,400 Employees Across Washington As AI Shift Deepens
Essential Business Intelligence, Continuous LIVE TV, Sharp Market Insights, Practical Personal Finance Advice and Latest Stories — On NDTV Profit.