AI Shortcoming: Meta’s Support Chatbot Aided in Taking Over Notable Instagram Accounts, Including the Obama White House

Hackers Breach High-Profile Instagram Accounts Using AI Support Tool

Recent reports from security researchers indicate that hackers successfully accessed several prominent Instagram accounts, including the official profile of Barack Obama, by simply asking Meta’s AI support chatbot to change the email linked to those accounts. It seems this was alarmingly straightforward.

A vulnerability within Meta’s AI-based customer support system has enabled this kind of breach, impacting accounts like those of the Space Force Chief Sergeant Major and Sephora. The methods used by the hackers appear to be relatively low-effort, prompting them to share their techniques with fellow hackers and security experts on platforms like Telegram.

In one particular instance, a hacker initiated contact with Meta’s AI support bot and requested to link a target account to a new email address. They provided the username of the account they wanted to compromise along with their own email, while also claiming they could send a verification code.

Meta’s spokesperson, Andy Stone, confirmed the situation in a brief statement. This incident raises pressing concerns regarding the risks tied to relying on AI for critical account security functions, especially since Meta announced expanding AI support across all Facebook and Instagram accounts. This means automated systems can now reset passwords and handle various maintenance tasks.

Those affected by these account takeovers have expressed irritation over the challenges of escalating issues to human support. This limitation adds complexity to an already frustrating experience, especially when the AI itself might be responsible for the security breach.

Experts in security have cautioned against over-dependence on AI for sensitive operations, particularly related to account security and authentication. This situation underscores those concerns, illustrating how social engineering tactics can manipulate automated systems that might not be as savvy as human staff.
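
An added example, not part of the original article and not Meta's code: a minimal sketch of the check that the email-change request described above should have to pass, where the change is authorized only by a one-time code sent to the address already on file. All function names, the in-memory stores and the sample account are hypothetical.

```python
import hmac
import secrets

# Constructed sample data: account -> contact already on file (hypothetical).
REGISTERED_EMAIL = {"example_brand": "owner@example.com"}
PENDING = {}      # (session_id, username) -> code sent to the on-file address
VERIFIED = set()  # (session_id, username) pairs that proved control


def naive_change_email(username, new_email):
    """Weak pattern: acts on whatever the conversation asked for."""
    REGISTERED_EMAIL[username] = new_email
    return True


def start_verification(session_id, username):
    """Issue a one-time code to the address ALREADY on file, never to an
    address supplied in the chat. Returns the recipient only; the code is
    delivered out of band and is not handed back to the chat layer."""
    recipient = REGISTERED_EMAIL[username]
    PENDING[(session_id, username)] = secrets.token_hex(4)
    return recipient


def confirm_verification(session_id, username, code):
    """Check the code the requester typed. A code is single use: one wrong
    guess consumes it and a new one must be issued."""
    expected = PENDING.pop((session_id, username), None)
    if expected is not None and hmac.compare_digest(expected, code):
        VERIFIED.add((session_id, username))
        return True
    return False


def guarded_change_email(session_id, username, new_email):
    """The only email-change tool the assistant may call. Authorization is
    server-side state; nothing said in the conversation can set it."""
    if (session_id, username) not in VERIFIED:
        return False
    VERIFIED.discard((session_id, username))  # one change per proof
    REGISTERED_EMAIL[username] = new_email
    return True
```

The point of the design is that the assistant can relay a request but cannot grant it: the decision rests on state the requester can only reach by controlling the existing contact address.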

The extent of the vulnerability is still unclear, including how many accounts might have been compromised through this method. Given the high-profile nature of the accounts involved, it’s likely that attackers are targeting valuable or notable profiles, although theoretically, this technique could work on any Instagram account.

Recently, there have been additional discussions around AI failures, such as an AI monitoring system that did not identify a nurse who illicitly took fentanyl. These incidents highlight risks tied to replacing existing checks with AI-driven processes. Some are even suggesting that thoughtful dialogue about the role of AI should occur, instead of letting unchecked advancements dictate our future.
