Instagram AI chatbot tricked by hackers to give access to others' accounts

Instagram AI chatbot tricked by hackers to give access to others' accounts16 minutes agoShareSaveAdd as preferred on GoogleLiv McMahonTechnology reporterGetty ImagesInstagram says it has resolved an issue which saw hackers trick its AI support tool into giving them access to other users' accounts. According to claims shown in screenshots and videos shared on social media, Instagram's AI chatbot allowed users to "hijack" accounts in recent days. Hackers could reportedly change passwords for other accounts by faking their location and then asking the AI to change the emails associated with them. "This issue has been resolved and we are securing impacted accounts," Meta spokesperson Andy Stone told users in a statement on X. In a response to another post on X, Stone said claims the vulnerability was used to hack into accounts of world leaders were "totally false". Tech news outlet 404media reported that posts about the vulnerability coincided "with a series of high-profile Instagram account takeovers" including a verified account used by Barack Obama when he was in the White House. The former US president's account reportedly posted pro-Iran content before it was recovered. It is unclear how many Instagram accounts were affected by the apparent exploit. But among those claiming to have been impacted were security researcher and former Meta employee, Jane Manchun Wong. Wong, who previously worked at Meta as a security engineer, said in a post on X her Instagram password "got changed without my knowledge and I was getting different password reset attempts throughout yesterday". "Quite concerning," she added. ReutersAn Instagram account used by Barack Obama when he was president was reportedly hackedThe incident comes amid concerns about the impact of increasingly capable and common AI systems on people's data and security. Videos shared on social media purported to show how Instagram hacks could take place. One, shared by cybersecurity researcher Dark Web Informer on X, showed someone searching for the username of an account they wished to gain access to as part of Instagram's recovery process. They were also shown to be using a virtual private network (VPN) service to pretend to be in the real account holder's location. After selecting the account they wanted to access, they sent a message to Instagram's Meta AI support assistant asking to link a new email to the account and send it a verification code. The bot followed through with the request - sending a code to the hacker's email which, when verified, was followed by an email with a link to change their password. One X user wrote that they had been unable to find "human support" after their Instagram account was hacked. "We're at the point where one AI stole it and another can't fix it, zero humans in the loop anywhere," they said. The BBC has asked Meta whether human support workers are available to help users whose accounts have been hacked. The company has faced scrutiny over lack of support for users when their accounts are hacked or suspended in error. An independent body which hears disputes from social media users in the EU said last week that Meta virtually never replies when it raises cases of people who say they have been wrongly banned from their accounts. It also recently made huge cuts to its workforce amid billions of dollars of spending on AI. Meta repeatedly snubs EU body over Facebook and Instagram user bansInstagram denies breach after many receive emails asking to reset passwordWhatsApp defends 'optional' AI tool that cannot be turned offSign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here. InstagramCyber-securitySocial mediaMetaArtificial intelligence