Key facts
- Hackers used Meta's AI chatbot to take over Instagram accounts.
- The AI chatbot changed account email addresses without verifying identity.
- Attackers reset passwords and locked out legitimate users.
- The exploit did not involve phishing links or malware.

Hackers have compromised high-profile Instagram accounts by exploiting Meta's AI customer support chatbot. The attackers asked the chatbot to change the email address associated with an account, and the chatbot reportedly complied without adequately verifying the identity of the person making the request. Once the email address was altered, the attackers were able to reset the account password, effectively locking out the legitimate account holder. The attack did not rely on traditional methods such as phishing links or malware; it highlights a significant security vulnerability in the AI's verification process.
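
The failure described above, sketched from the defender's side as an added example (not code from Meta or from the original page): a support assistant's email-change action executed directly, next to a version where a check outside the model requires a logged-in owner session and a one-time code sent to the address already on file. The `change_email` tool name, the account store, the session model and the outbox are all hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: hypothetical account store and stand-in mail outbox.
ACCOUNTS = {"acct_1001": {"email": "owner@example.com"}}
OUTBOX = []

@dataclass
class Session:
    authenticated_account: Optional[str] = None  # set by login, never by chat text
    pending: dict = field(default_factory=dict)  # account_id -> (code, new_email)

def naive_dispatch(tool, args):
    """Weak pattern: whatever action the assistant proposes is executed as-is."""
    if tool == "change_email":
        ACCOUNTS[args["account_id"]]["email"] = args["new_email"]
        return "changed"
    return "unknown_tool"

def gated_dispatch(session, tool, args, confirmation_code=None):
    """Hardened pattern: the decision is made by code the conversation cannot
    influence. Needs an owner session plus a code sent to the current email."""
    if tool != "change_email":
        return "unknown_tool"
    acct = args["account_id"]
    if acct not in ACCOUNTS or session.authenticated_account != acct:
        return "denied:not_authenticated_as_owner"
    if confirmation_code is None:
        code = secrets.token_hex(4)
        session.pending[acct] = (code, args["new_email"])
        OUTBOX.append((ACCOUNTS[acct]["email"], code))  # current address only
        return "pending:code_sent_to_current_email"
    expected = session.pending.pop(acct, None)  # single use, even on failure
    if expected is None or expected[1] != args["new_email"]:
        return "denied:no_matching_request"
    if not hmac.compare_digest(expected[0], confirmation_code):
        return "denied:bad_code"
    ACCOUNTS[acct]["email"] = args["new_email"]
    return "changed"
```

Because the code goes only to the existing address, a requester who merely claims ownership in the chat never receives it, and a failed attempt consumes the pending request.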