Instagram’s AI Chatbot Breached: Hackers Gain Access to User Accounts!

Instagram has recently dealt with a major security breach where hackers managed to trick the platform’s AI support tool into granting access to other users’ accounts. This alarming incident unfolded when users shared screenshots and videos on social media, showcasing how the AI chatbot allowed unauthorized individuals to “hijack” accounts. Reports indicate that hackers manipulated their locations to deceive the AI into changing associated emails and passwords for various accounts.

Meta’s spokesperson, Andy Stone, confirmed that the issue has been resolved and that they are in the process of securing the affected accounts. In a statement made on X, he reassured users, emphasizing that the claims suggesting that the vulnerability was exploited to hack the accounts of world leaders were “totally false”. Tech news outlet 404media highlighted that this vulnerability coincided with a series of high-profile account takeovers, including a verified account belonging to Barack Obama during his presidency, which was reportedly used to share pro-Iran content before being recovered.

The exact number of compromised Instagram accounts remains unknown. However, notable victims include security researcher and former Meta employee Jane Manchun Wong. Wong, who once worked as a security engineer at Meta, expressed her frustration on X, stating that her Instagram password was changed “without my knowledge” and that she had encountered numerous attempts at password resets.

This incident raises significant concerns regarding the implications of increasingly powerful AI systems on user data and security. Videos circulating on social media appear to demonstrate the hacking process, one of which was shared by cybersecurity researcher Dark Web Informer on X. In this video, a hacker searches for a target username as part of the account recovery process. They utilized a virtual private network (VPN) service to masquerade as the legitimate account holder, sending a message to Instagram’s AI support assistant to link a new email to the account while requesting a verification code. Astonishingly, the bot complied, sending the code to the hacker’s email. Once verified, the hacker received an email with a link to change the password.

One user on X shared their frustrations about the lack of “human support” after their account was hacked. “We’re at the point where one AI stole it and another can’t fix it, zero humans in the loop anywhere,” they lamented. Companies across various sectors are increasingly replacing human customer service representatives with AI support tools, and tech giants like Meta are leading this charge. But as Marijus Briedis, chief technology officer at NordVPN, pointed out, when AI chatbots are given “too much authority and too little verification,” they can pose serious security risks. Briedis emphasized that account recovery—arguably one of the “most sensitive parts of any platform”—should prioritize security over convenience, as the person requesting access may not be the rightful owner.

The BBC has reached out to Meta to inquire whether human support representatives are available to assist users whose accounts have been compromised. The company has faced criticism for its lack of support for users dealing with hacked or mistakenly suspended accounts. An independent EU body that addresses disputes from social media users noted last week that Meta rarely responds when cases of wrongful account bans are escalated. The company has also recently made significant cuts to its workforce while investing billions in AI technology.

As concerns grow about the implications of AI on data security, West Yorkshire’s Alison Lowe highlighted the need for increased awareness among young people regarding these dangers.

Bakalım bu durumdan sonra ne olacak? Gelişmeleri takip ediyoruz…

Kaynak: Orijinal Haber