Hackers managed to trick Meta’s AI-powered support bot into allowing them to take over a number of Instagram accounts, including some high-profile ones. This included accounts belonging to the White House, US Space Force, and security researcher Jane Wong.
On a more positive note, the social network is experimenting with a way of blocking teenage users from repeated exposure to content likely to impact their mental health …
In one of those “you can’t make it up” moments, hackers managed to fool Meta’s AI support chatbot into allowing them to conduct password resets on other people’s Instagram accounts. The attack method was childishly simple.
- They began a password reset process
- When asked to choose a method, they selected Meta AI Support Assistant
- They asked the chatbot to add a new email address to the account
- It did so without question, despite them not being logged in to that account
- The chatbot sent a code to the new email address
- They used that code to change the password
- This process also logged out the account owner on all of their devices
Dark Web Informer posted a video of the exploit in action.
TechCrunch reports that victims included some high-profile Instagram accounts.
The compromised accounts include the Instagram handle for the Obama-era White House, which appears to have been inactive since 2017; and the account of the U.S. Space Force’s chief master sergeant John Bentivegna. Security researcher Jane Wong said her Instagram account was also taken over.
Meta has now blocked the attack method.
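The article does not say how Meta closed the hole. The sketch below is an added example, not Meta's code and not from the original article: a server-side gate that every action requested by a support assistant must pass, so that adding an email needs a logged-in session and reset codes only go to contacts that were already verified. All names (`authorize_tool_call`, `add_email`, `send_reset_code`, the sample handle and addresses) are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical model of the flow in the steps above, not Meta's actual system.
@dataclass
class Account:
    handle: str
    verified_contacts: set = field(default_factory=set)

@dataclass
class Session:
    authenticated_as: Optional[str] = None  # None: not logged in (reset path)

class Denied(Exception):
    pass

def authorize_tool_call(session, account, tool, args):
    """Gate run before any assistant-requested action executes.
    The decision uses only session state and stored account data,
    never what the chat text or the model says about ownership."""
    if tool == "add_email":
        # Changing contact points requires a session logged in to this account.
        if session.authenticated_as != account.handle:
            raise Denied("add_email requires an authenticated session")
        return True
    if tool == "send_reset_code":
        # Reset codes go only to contacts verified before the request.
        if args.get("destination") not in account.verified_contacts:
            raise Denied("destination is not a verified contact")
        return True
    raise Denied(f"unknown tool {tool!r}")  # default deny

def handle(session, account, tool, args):
    """Return 'allowed' or 'denied: <reason>' for a requested tool call."""
    try:
        authorize_tool_call(session, account, tool, args)
        return "allowed"
    except Denied as exc:
        return f"denied: {exc}"

# Constructed sample data
ACCOUNT = Account("example_handle", {"owner@example.com"})
ANON = Session()                   # mid-reset, not logged in
OWNER = Session("example_handle")  # logged-in owner

if __name__ == "__main__":
    print(handle(ANON, ACCOUNT, "add_email", {"email": "new@example.net"}))
    print(handle(ANON, ACCOUNT, "send_reset_code", {"destination": "new@example.net"}))
    print(handle(ANON, ACCOUNT, "send_reset_code", {"destination": "owner@example.com"}))
    print(handle(OWNER, ACCOUNT, "add_email", {"email": "new@example.net"}))
```

The gate sits outside the model, so no wording of the chat request can change its outcome.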
New Instagram protections for teenagers
On a more positive note, Meta has been experimenting with a new protection for accounts owned by teenagers intended to limit exposure to content which may prove damaging to their mental health. The company says the experiment proved successful and it’s now being rolled out globally.
We recognize that some content — like posts about nutrition, weightlifting, or how to cope with anxiety — can be helpful, but it should be balanced with other types of content rather than shown repeatedly. That’s why we’re testing ways to limit teens from seeing too many posts of this kind in one go, including in Explore, Feed, and Reels.
Meta last month launched a new iPhone app and Instagram feature for ephemeral sharing as well as Facebook Plus and Instagram Plus subscriptions.