Key facts
- Hackers exploited Meta's AI support chatbot to change email addresses on Instagram accounts.
- This allowed hackers to reset passwords and take control of accounts.
- The exploit involved using a VPN to match the target account's region and prompting the AI.
- Compromised accounts were sold on the gray market.
- High-profile accounts, including one previously used by the Obama White House, were affected.
- Meta implemented an emergency patch on May 29 to fix the vulnerability.
Hackers exploited Meta's AI support chatbot through a prompt injection attack, enabling them to change email addresses associated with Instagram accounts. This allowed for password resets and account takeovers, with compromised accounts subsequently sold on the gray market. High-profile accounts, including one formerly used by the Obama White House, were affected. Meta has since patched the vulnerability, but the incident highlights security risks in AI-powered customer support and account management systems.
