A widespread hacking campaign based on simply asking Meta AI’s chatbot to take over a victim’s Instagram account appears to have continued even after the company said the problem had been fixed. Meanwhile, the company is scrambling to protect targeted accounts and notify victims.
weekend, the hackers claimed to be using Meta’s AI support chatbot taking over several high-profile Instagram accounts. At the same time, A big number of people he complained on social media that their Instagram accounts have been hacked, some of them will have a unique short user profile.
TechCrunch has seen examples of hacked handles featuring generic names or country names that can then be resold as collectibles on the gray market for “OG handles.” Other victims of the hacking spree appeared to be asleep Obama White House account (disputed by Meta) and that of US Space Force Staff Sgt John Bentivegna.
These attacks were so simple that calling them hacks gives too much credit to the people behind them, while not putting enough blame on Meta for not preventing rudimentary attacks from stealing people’s accounts.
Hackers simply told Meta’s AI chatbot that they were the owner of the target’s account and asked the bot to associate that person’s account with an email they controlled. By executing the request, the chatbot allowed the hacker to reset the target account’s password and take control of the account – in some cases blocking the victims. At no point were Meta employees or contractors involved in the conversation.
Meta spokesman Andy Stone on Monday he said “The problem has already been solved.”
Tuesday, but more Instagram users claimed that their accounts were hacked.
At the same time, TechCrunch saw discussions among members of the Telegram channel where the hack was disclosed, who claimed they were still able to use Meta’s AI chatbot, and they were advertising hacked handles for sale, including at the time of TechCrunch’s writing. (It’s important to note that it’s hard to know for sure that all of these accounts were hacked using the same technique.)
Contact us
Want to know more about these Instagram hacks? We would love to hear from you. You can securely contact Lorenzo Franceschi-Bicchierai from a non-work device and network by calling +1 917 257 1382 or via Telegram and Keybase @lorenzofb. e-mail.
Later on Type in XStone said: “Some people may receive password reset notifications and some may be asked security questions when trying to access their accounts.”
Stone told TechCrunch in an email that Meta protected the affected accounts on Monday, then began sending password reset emails. When asked by TechCrunch, Stone would not say how many users were hacked.
Several people have reported that Meta has started notifying users that they are being targeted.
Victims to the public They reported receiving emails from Instagram warning them that the company had “detected some suspicious activity that suggests Instagram has been compromised.” The message also stated that the company was taking measures to ensure the security of the account and asked the user to reset their password.
as 404 Media notedMeta announced In March, it said it was deploying artificial intelligence to automate its customer support, that the AI-powered chatbot was “designed to resolve account issues end-to-end” and would be able to “securely reset your password.” This suggests that given how critical a chatbot is, it can perform actions that may have required a human earlier in the cycle.
For years, there was a flourishing market where hackers steal and then sell “OG” usernames, referring to the usernames and handles taken by Instagram’s earliest users. In the past, gaining access to these accounts required more sophisticated strategies, such as phishing the victim, capturing a phone number, or bribing insiders at telecommunications providers.
Well, the hackers just asked, and Meta’s chatbot answered with dignity.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
