Instagram Fixes AI Bug That Allowed Hackers to Take Over User Accounts
Instagram says it has fixed a vulnerability that allegedly allowed hackers to gain access to user accounts through its AI support tool.
Instagram says it has patched a vulnerability that allegedly let hackers access other users’ accounts using its AI-powered support tool.
The matter came to light after screenshots and videos were posted on social media, showing that Instagram’s AI chatbot could supposedly be tricked into helping users take over accounts that were not theirs.
According to the reported exploit, hackers could spoof a user’s location and trick the AI assistant into changing the account’s email address, which could then be used to change account passwords.
The issue was resolved, said Meta spokesman Andy Stone on X.
“This issue has been resolved and we are securing impacted accounts,” Stone said.
High-Profile Targets:
In separate online responses, Stone also flatly denied reports that the bug had been used to hack accounts of world leaders, dismissing such claims as “completely false.”
The problem is said to have emerged around the same time as a number of high-profile Instagram account takeovers. Reports said one of the hacked accounts was a verified account used by former U.S. president Barack Obama while he was in the White House. It had allegedly been used to publish pro-Iran content before it was recovered.
It is still unclear how many accounts were affected in total.
Among those who said they were affected was security researcher and former Meta employee Jane Manchun Wong. In a post on X, Wong said her Instagram password was changed without her knowledge and that she had seen several attempts to reset her password targeting her account.
How It Worked:
The exploit was said to work through Instagram’s account recovery process. In videos posted online, people appeared to search for a target account, use a virtual private network (VPN) to spoof the account holder’s location and then contact Meta AI support.
In the demos, users would tell the chatbot to add a new email address to the target account and send a verification code. The AI assistant reportedly complied, and the requester received a password reset link and took over the account.
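One way a support backend could gate an assistant's tool calls so that the flow described above fails, shown as an added example that is not Instagram's or Meta's code. The action names, the `Session` and `Account` fields and the policy itself are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical tool names for actions that change who can recover an account.
SENSITIVE_ACTIONS = {"add_email", "change_email", "send_reset_link"}

@dataclass
class Session:
    """What the backend knows about the requester (constructed model)."""
    claimed_account: str
    authenticated_account: Optional[str] = None  # set only by a real login
    location_matches_owner: bool = False         # weak signal: a VPN can fake it
    verified_channels: set = field(default_factory=set)  # on-file contacts that confirmed a code

@dataclass
class Account:
    name: str
    registered_emails: set

def authorize(action, args, session, account):
    """Decide outside the model whether an assistant-requested tool call may run."""
    if action not in SENSITIVE_ACTIONS:
        return True, "non-sensitive"
    # Location is deliberately never consulted: it is not proof of ownership.
    if session.authenticated_account == account.name:
        return True, "logged-in owner"
    # Unauthenticated recovery: a code must have been confirmed on a contact already on file.
    proven = session.verified_channels & account.registered_emails
    if not proven:
        return False, "no proof of control over an existing contact"
    if action in {"add_email", "change_email"}:
        return False, "contact changes require a logged-in session"
    if args.get("to") not in proven:
        return False, "reset link may only go to a verified existing contact"
    return True, "verified existing contact"

# Constructed sample data, not taken from any real account.
OWNER = Account("target_account", {"owner@example.test"})

if __name__ == "__main__":
    # The reported pattern: matching location, no login, request to add a new email.
    spoofed = Session("target_account", location_matches_owner=True)
    print(authorize("add_email", {"email": "new@example.test"}, spoofed, OWNER))
    # Legitimate recovery: the owner confirmed a code sent to the address on file.
    owner = Session("target_account", verified_channels={"owner@example.test"})
    print(authorize("send_reset_link", {"to": "owner@example.test"}, owner, OWNER))
```

The decision is made in ordinary code after the model proposes an action, so nothing said in the chat can widen what the assistant is allowed to do.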
The incident has raised new concerns about the security risks of increasingly powerful AI systems, particularly as they become part of customer support and account recovery processes.
Instagram did not say how many accounts may have been affected but said it is taking steps to secure impacted users after the issue was resolved.