arstechnica.com 7 days ago URGENCY: 7/10

Meta AI Chatbot Exploit: Hackers Steal Instagram Accounts

Meta's AI support chatbot has been exploited by hackers to gain access to high-profile Instagram accounts. This shocking vulnerability allowed attackers to change email addresses and resell accounts worth millions before a patch was implemented.


The Exploit Unveiled

Hackers have discovered a significant flaw in Meta's AI support chatbot, enabling them to hijack notable Instagram accounts with alarming ease. By using a VPN to match their location to the target account's region, they could initiate a password reset and instruct the chatbot to change the associated email address. This exploit has reportedly been active since February, affecting thousands of accounts, including those of prominent figures like Barack Obama.

The implications of this breach are severe, as compromised accounts can be resold on the gray market for substantial sums. Some accounts, such as @hey and @jowo, have been valued at over $1 million due to their desirability for brand impersonation and social clout. Security experts have labeled this incident a classic case of the "confused deputy" problem, where a program with elevated permissions is manipulated into misusing those permissions.
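The confused deputy pattern named above, as an added illustration. It is not Meta's code and makes no claim about how Meta's system is built. The handler names, the `Caller` fields and the sample account are all hypothetical. The weak handler treats a matching region as sufficient, while the checked handler authorizes against what the requester has actually proven:

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: account handle -> contact e-mail on file.
ACCOUNTS = {"alice": "alice@example.com"}

@dataclass(frozen=True)
class Caller:
    """What is known about the person talking to the agent (hypothetical fields)."""
    session_owner: Optional[str]  # handle proven by a logged-in session, else None
    region_matches: bool          # network location matches the account's region
    step_up_passed: bool          # proved control of the e-mail currently on file

def change_email_deputy(caller, handle, new_email, accounts):
    """Confused deputy: the agent's own write access does the work.
    A matching region is a risk signal, not proof of ownership."""
    if handle in accounts and caller.region_matches:
        accounts[handle] = new_email
        return True
    return False

def change_email_checked(caller, handle, new_email, accounts):
    """Authorize with the caller's authority, never the agent's."""
    if handle not in accounts:
        return False
    if caller.session_owner != handle:  # requester must be the proven owner
        return False
    if not caller.step_up_passed:       # sensitive change needs step-up proof
        return False
    accounts[handle] = new_email        # region is deliberately not consulted
    return True

def demo():
    """Run both handlers against an unproven requester and the real owner."""
    stranger = Caller(session_owner=None, region_matches=True, step_up_passed=False)
    owner = Caller(session_owner="alice", region_matches=False, step_up_passed=True)
    a, b, c = dict(ACCOUNTS), dict(ACCOUNTS), dict(ACCOUNTS)
    r1 = change_email_deputy(stranger, "alice", "other@example.net", a)
    r2 = change_email_checked(stranger, "alice", "other@example.net", b)
    r3 = change_email_checked(owner, "alice", "alice.new@example.com", c)
    return (r1, a["alice"]), (r2, b["alice"]), (r3, c["alice"])

if __name__ == "__main__":
    for result in demo():
        print(result)
```
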

As Meta scrambles to address this vulnerability, users are urged to implement stronger security measures, including two-factor authentication, to protect their accounts from similar attacks in the future.