GoKawiilHackers managed to trick Meta’s AI-powered support bot into allowing them to take over a number of Instagram accounts, including some high-profile ones. This included accounts belonging to the White House, US Space Force, and security researcher Jane Wong.
Update: Meta has now revealed that around 20,000 accounts were compromised and has explained the steps it has taken in response …
Hackers tricked Meta AI chatbot
In one of those “you can’t make it up” moments, hackers managed to fool Meta’s AI support chatbot into allowing them to conduct password resets on other people’s Instagram accounts. The attack method was childishly simple.
They began a password reset process
When asked to choose a method, they selected Meta AI Support Assistant
They asked the chatbot to add a new email address to the account
It did so without question, despite them not being logged-in to that account
The chatbot sent a code to the new email address
They used that code to change the password
... continue reading