Meta fixes AI security flaw after Instagram account hacks
Meta, the owner of Instagram, Facebook, and WhatsApp, said it has resolved a major security vulnerability in its artificial intelligence support assistant that allowed hackers to bypass security protocols and take over premium Instagram accounts, News.Az reports, citing Anadolu.
“This issue has been resolved and we are securing impacted accounts,” Andy Stone, a communications official at Meta, said on the US-based social media platform X on Tuesday.
The critical vulnerability, which circulated on Telegram channels before being exposed on X, enabled bad actors to hijack accounts without needing access to the victim’s email address or phone number.
The White House Instagram page associated with former US President Barack Obama was also hacked, according to a Monday report by entertainment news outlet TMZ. The breach was discovered on Sunday after unusual posts appeared on the account.
The exploit reportedly required attackers to use a virtual private network to match the geographic location of the target user in order to bypass automated regional safeguards.
The attacker would then trigger a password reset option, opening a chat window with Meta AI Support Assistant, a tool launched globally earlier this year to automate account recovery and technical support.
The hacker allegedly instructed the automated system to change the registered email address of the targeted account to their own, prompting the chatbot to send an 8-digit verification code to the attacker.
After entering the code into the chat interface, the system generated a password reset link, allowing the attacker to set a new password and lock out the legitimate account owner.
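The following is an added example, not part of the original report and not Meta's code: a toy Python model of the recovery flow described above, showing the flawed behaviour beside a hardened one in which the verification code only ever goes to the address already on file. It assumes the 8-digit code was delivered to the newly supplied address; the class, function, and account names are hypothetical and the mailboxes are constructed sample values.

```python
import secrets


class RecoveryDesk:
    """Toy model of recovery actions an automated support agent can invoke."""

    def __init__(self, accounts, hardened):
        self.accounts = accounts   # username -> email on file
        self.hardened = hardened
        self.pending = {}          # username -> (code, requested_email)
        self.outbox = []           # (recipient, code) pairs that were "sent"

    def request_email_change(self, username, new_email):
        code = f"{secrets.randbelow(10**8):08d}"  # 8-digit one-time code
        # Flawed: proof of control is sent to the address the requester supplied.
        # Hardened: proof of control is sent to the address already on file.
        recipient = self.accounts[username] if self.hardened else new_email
        self.pending[username] = (code, new_email)
        self.outbox.append((recipient, code))
        return recipient

    def confirm(self, username, code):
        expected, new_email = self.pending.get(username, (None, None))
        if expected is None or not secrets.compare_digest(expected, code):
            return False
        del self.pending[username]          # the code is single-use
        self.accounts[username] = new_email
        return True


def codes_visible_to(desk, mailbox):
    """Codes that someone controlling only `mailbox` could read."""
    return [code for rcpt, code in desk.outbox if rcpt == mailbox]


def simulate(hardened):
    """True if a requester who controls only a new mailbox becomes the email on file."""
    desk = RecoveryDesk({"brand_account": "owner@example.com"}, hardened)
    desk.request_email_change("brand_account", "requester@example.net")
    seen = codes_visible_to(desk, "requester@example.net")
    if seen:
        desk.confirm("brand_account", seen[0])
    return desk.accounts["brand_account"] == "requester@example.net"


if __name__ == "__main__":
    print("flawed flow taken over:", simulate(hardened=False))
    print("hardened flow taken over:", simulate(hardened=True))
```

In the hardened variant the legitimate owner can still change the address, because the code arrives in the mailbox they already control.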
The cyberattack campaign reportedly compromised several high-profile accounts over the weekend, including the inactive Barack Obama White House account, global beauty retailer Sephora, and the personal account of US Space Force Chief Master Sergeant John Bentivegna.
The compromised Obama White House account, which had not been active since 2017, was briefly defaced with pro-Iranian images and messages before Meta intervened.
By Nijat Babayev





