

Instagram has begun notifying users after hackers reportedly exploited a flaw in Meta's AI-powered support chatbot.
Hackers reportedly exploited Meta's AI-powered support chatbot to take over Instagram accounts.
Meta has secured affected accounts and is sending password reset and security alert emails to impacted users.
Several high-profile accounts were compromised, prompting users to review their account security settings.
After receiving criticism from several users, Meta-owned Instagram has now started alerting thousands of users that their accounts were targeted by hackers who exploited a major vulnerability in Meta's AI-powered support chatbot.
While Meta has refused to reveal the total number of affected accounts, it is believed that the attack mainly targeted high-value accounts. Meta said it has now fixed the vulnerability and is actively securing impacted accounts. Here's what the company has said.
Through an email, the company's spokesperson, Andy Stone, told media outlet TechCrunch that Meta secured the affected accounts on Monday and has begun sending password reset emails along with security alerts to impacted users. However, when asked about the scale of the breach, Stone declined to reveal how many users were targeted or hacked.
Several users took to social media to confirm that they lost access to their Instagram accounts after hackers changed the linked email address and password. The exact number isn't confirmed, but many users complained that they were repeatedly logged out and received unexpected password reset notifications.
Furthermore, reports suggest that several accounts protected by two-factor authentication were also compromised, resulting in victims being locked out of their accounts, sometimes for hours, until Meta intervened. However, in some cases, attacks reportedly continued even after the initial fix.
It is worth noting that hackers exploited Meta's AI-powered support chatbot by using a VPN to spoof their location and match the target account's usual region. They then simply told the AI chatbot that they owned the Instagram account and asked it to link a new email address under their control.
The chatbot complied without strong identity verification and sent a verification code to the hacker's email address. Once the hacker entered the code, the AI provided a direct option to reset the account's password, allowing a full account takeover.
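The verification gap described above, sketched as an added example; this is not Meta's code and does not come from the original report. The request fields, function names and addresses are hypothetical. It contrasts a check that accepts a matching region plus a code sent to the newly requested address with one that demands proof of control over something already bound to the account.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EmailChangeRequest:
    """Hypothetical shape of a support-assistant request to link a new email."""
    account_emails: frozenset   # contacts already verified on the account
    new_email: str              # address the requester wants to add
    code_sent_to: str           # where the one-time code was delivered
    code_confirmed: bool        # requester entered the code correctly
    region_matches: bool        # request IP geolocates to the usual region
    has_2fa: bool               # account has two-factor authentication enabled
    second_factor_ok: bool      # requester passed the account's existing 2FA


def weak_policy(req: EmailChangeRequest) -> bool:
    """The pattern the article describes: a matching region and a code the
    requester can read because it went to their own new address."""
    return req.region_matches and req.code_confirmed


def hardened_policy(req: EmailChangeRequest) -> tuple[bool, str]:
    """Require proof of control over something already bound to the account."""
    if req.code_sent_to not in req.account_emails:
        return False, "code must go to an already-verified contact"
    if not req.code_confirmed:
        return False, "code not confirmed"
    if req.has_2fa and not req.second_factor_ok:
        return False, "existing second factor required"
    # region_matches is deliberately ignored: a VPN can satisfy it.
    return True, "ok"


# Constructed sample: the takeover flow from the article.
TAKEOVER = EmailChangeRequest(
    account_emails=frozenset({"owner@example.com"}),
    new_email="intruder@example.net", code_sent_to="intruder@example.net",
    code_confirmed=True, region_matches=True, has_2fa=True, second_factor_ok=False)

# Constructed sample: the real owner, travelling, adding a second address.
OWNER = EmailChangeRequest(
    account_emails=frozenset({"owner@example.com"}),
    new_email="owner.new@example.com", code_sent_to="owner@example.com",
    code_confirmed=True, region_matches=False, has_2fa=True, second_factor_ok=True)

if __name__ == "__main__":
    for name, req in (("takeover", TAKEOVER), ("owner", OWNER)):
        print(name, weak_policy(req), hardened_policy(req))
```

The weak check approves the takeover request and rejects the travelling owner, which is why location is treated here as a risk signal and not as proof of identity.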
A number of prominent accounts were affected, including the official Obama-era White House Instagram account, global beauty retailer Sephora, US Space Force Chief Master Sergeant John Bentivegna, and security researcher Jane Manchun Wong. Notably, hackers posted unauthorised content, including AI-generated messages, in many of these cases before the accounts were secured by Meta.
Signs that your account may have been compromised:
You can't log in
Unexpected password reset or email change notifications
You are suddenly logged out
Unfamiliar login activity
Profile changes you did not make
Posts, Stories, or Reels you didn’t create
Suspicious DMs sent from your account
New apps or devices connected
Account following random people
Instagram sends you a "Your account was targeted" alert
If you have received an alert from Instagram, or you feel your account has been compromised, you should change your password immediately and enable two-factor authentication (2FA) if it is not already turned on.
However, keeping the current situation in mind:
Change your password to a strong, unique one.
Enable two-factor authentication, preferably through an authenticator app.
Review your account's login activity and linked email addresses.
While the vulnerability has reportedly been fixed, users are advised to remain vigilant. Stay tuned for more updates.
How did hackers exploit Instagram's AI-powered support chatbot?
Hackers used a VPN to spoof their location to match the target account's region. They convinced the AI chatbot they owned the account and requested to link a new email address. The chatbot, lacking strong identity verification, sent a verification code to the hacker's email, enabling password reset and full account takeover.
Which Instagram accounts were mainly targeted in the hacking attack?
The attack primarily targeted high-value accounts, including prominent ones such as the official Obama-era White House Instagram, Sephora, US Space Force Chief Master Sergeant John Bentivegna, and security researcher Jane Manchun Wong.
Did enabling two-factor authentication (2FA) prevent account compromise?
Several accounts protected by two-factor authentication were still reportedly compromised during the attack. Despite 2FA being enabled, hackers managed to take over accounts, sometimes locking users out until Meta intervened.
What has Meta done to respond to the hacking attack?
Meta fixed the vulnerability in its AI chatbot, secured impacted accounts, and began sending password reset emails along with security alerts to affected users. The company continues to actively secure accounts to prevent further breaches.
What steps should Instagram users take if they receive a security alert?
Users should immediately change their password to a strong, unique one, enable two-factor authentication, preferably through an authenticator app, and review their account’s login activity and linked email addresses for any suspicious changes.
How can users check if their Instagram account was affected by this breach?
Instagram alerted thousands of users via email and security notifications if their accounts were targeted. Users should watch for such alerts, review login activities, and be vigilant for unexpected password reset emails or login issues.