Hackers stole Instagram accounts using Meta AI

A serious security vulnerability that allowed unauthorized access to Instagram user accounts has been resolved. The attack was carried out by deceiving Meta's AI-powered support chatbot: hackers misled the bot to gain access to other people's accounts, according to TechCrunch.
Over the weekend, many users on Reddit and X reported that their profiles had been stolen. Among the victims were the official White House account from the Obama era, which had been inactive since 2017, Chief Master Sergeant of the U.S. Space Force John Bentivegna, and prominent security researcher Jane Wong. Wong stated that her password was changed without her knowledge and that she received numerous password reset requests throughout the day.
A video posted on X demonstrated the hacking process step by step. The attacker first used a VPN to match their location with the victim's suspected location, which helped bypass Instagram's security systems. The hacker then opened a chat with the Meta AI Support Assistant and asked the bot to link a new email address to the account.
The chatbot sent a verification code to the email provided by the hacker, and once the code was entered, it displayed a password reset button. The most dangerous aspect is that the hacker did not need access to the victim's original email. TechCrunch confirmed that the verification code was indeed received in the hacker's mailbox shown in the video.
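The weakness described above is about where the verification code is delivered: a code sent to an address supplied in the request proves control of that address, not ownership of the account. The following is an added example, not Meta's code; the account model, function names, addresses and in-memory outbox are constructed assumptions used to contrast that delivery choice with sending the code to a contact point already on file.

```python
import secrets
from dataclasses import dataclass, field

OUTBOX = []  # constructed stand-in for a mail gateway: (recipient, code)

@dataclass
class Account:
    username: str
    verified_emails: set                          # addresses already proven to be the owner's
    pending: dict = field(default_factory=dict)   # code -> address waiting to be linked

def request_link(acct, new_email, hardened):
    """Start linking new_email to the account and deliver a one-time code."""
    if hardened:
        if not acct.verified_emails:
            raise PermissionError("no verified channel; route to manual identity review")
        # Hardened: the code goes to a channel that was verified before this request.
        channel = sorted(acct.verified_emails)[0]
    else:
        # Weak: the code goes to the very address the requester just supplied.
        channel = new_email
    code = secrets.token_hex(4)
    OUTBOX.append((channel, code))
    acct.pending[code] = new_email

def confirm_link(acct, code):
    """Link the pending address if the presented code is known."""
    new_email = acct.pending.pop(code, None)
    if new_email is None:
        return False
    acct.verified_emails.add(new_email)
    return True

def codes_readable_by(mailbox):
    """Codes a party can see when it controls only the given mailbox."""
    return [code for rcpt, code in OUTBOX if rcpt == mailbox]

def requester_can_link(hardened):
    """Can a requester who controls only its own mailbox complete the link?"""
    OUTBOX.clear()
    acct = Account("owner_account", {"owner@example.com"})
    request_link(acct, "requester@example.net", hardened)
    return any(confirm_link(acct, c)
               for c in codes_readable_by("requester@example.net"))

if __name__ == "__main__":
    print("weak delivery, link succeeds:    ", requester_can_link(hardened=False))
    print("hardened delivery, link succeeds:", requester_can_link(hardened=True))
```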
On Monday, Instagram spokesperson Andy Stone announced that the bug had been fixed. It is currently unclear exactly how many users were affected by this vulnerability. Meta declined to provide further official comments on the situation.