Hacking Meta’s AI Chatbot

Published: June 4, 2026 at 07:04 AM EDT

Source: Schneier on Security

Incident Overview

Hackers are convincing Meta’s AI support chatbot to let them take over other people’s Instagram accounts.

A video posted on X showed a step‑by‑step process:

  1. The attacker used a VPN to spoof the target’s presumed location, avoiding Instagram’s automated protections.
  2. They opened a chat with the Meta AI Support Assistant and asked the bot to add a new email address to the target’s account.
  3. The chatbot sent a verification code to the email address supplied by the attacker.
  4. The attacker shared that verification code with the chatbot, prompting it to display a “Reset Password” button.
  5. The attacker entered a new password, gaining control of the victim’s account.
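In the steps above, a code mailed to an address the requester supplied ends up being treated as proof of account ownership. The following is an added example, not Meta's code and not from the original post, contrasting that rule with a deterministic server-side check that a chatbot's reset action would have to pass. All names, addresses and the code value are hypothetical and constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class RecoverySession:
    # Addresses the owner verified before this session began (hypothetical model).
    on_file: set
    issued: dict = field(default_factory=dict)  # address -> code mailed this session
    proven: set = field(default_factory=set)    # addresses whose code was confirmed

def send_code(session, email, code):
    """Record that `code` was mailed to `email`; delivery itself is out of scope."""
    session.issued[email] = code

def confirm_code(session, email, code):
    """Mark `email` as proven when the submitted code matches the issued one."""
    expected = session.issued.get(email)
    if expected is not None and hmac.compare_digest(expected, code):
        session.proven.add(email)
        return True
    return False

def may_reset_naive(session):
    """Flawed rule: any confirmed address counts, even one added mid-session."""
    return bool(session.proven)

def may_reset_hardened(session):
    """Only control of an address already on file counts as ownership proof."""
    return bool(session.proven & session.on_file)

def run_flow(requester_email, may_reset):
    """Replay the flow: request a code at `requester_email`, confirm it, ask to reset."""
    session = RecoverySession(on_file={"owner@example.com"})
    send_code(session, requester_email, "123456")  # constructed sample code
    confirm_code(session, requester_email, "123456")
    return may_reset(session)

if __name__ == "__main__":
    new_addr = "requester-supplied@example.net"  # constructed sample address
    print("naive, new address:     ", run_flow(new_addr, may_reset_naive))
    print("hardened, new address:  ", run_flow(new_addr, may_reset_hardened))
    print("hardened, owner address:", run_flow("owner@example.com", may_reset_hardened))
```

The hardened check runs outside the model, so the decision does not depend on what the chatbot was persuaded to do in conversation.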

Response from Instagram

On Monday, Instagram spokesperson Andy Stone said in a reply to the post that the issue had been fixed. It remains unclear how many Instagram users had their accounts improperly accessed.

Implications

While this specific tactic appears to have been blocked, many other attack vectors exist that cannot be mitigated as a class. The broader concern is that large‑language‑model (LLM) chatbots are not yet trustworthy enough for sensitive applications such as account recovery.

Further coverage can be found in another news article: “Hackers simply asked Meta AI to give them access to high‑profile Instagram accounts – it worked.”
