Instagram AI chatbot tricked by hackers to give access to others' accounts

Instagram says it has resolved an issue which saw hackers trick its AI support tool into giving them access to other users' accounts.

According to claims shown in screenshots and videos shared on social media, Instagram's AI chatbot allowed users to "hijack" accounts in recent days.

Hackers could reportedly change passwords for other accounts by faking their location and then asking the AI to change the emails associated with them.

"This issue has been resolved and we are securing impacted accounts," Meta spokesperson Andy Stone told users in a statement on X.

In a response to another post on X, Stone said claims the vulnerability was used to hack into accounts of world leaders were "totally false".

Tech news outlet 404media reported that posts about the vulnerability coincided "with a series of high-profile Instagram account takeovers" including a verified account used by Barack Obama when he was in the White House.

The former US president's account reportedly posted pro-Iran content before it was recovered.

It is unclear how many Instagram accounts were affected by the apparent exploit.

But among those claiming to have been impacted was security researcher and former Meta employee Jane Manchun Wong.

Wong, who previously worked at Meta as a security engineer, said in a post on X her Instagram password "got changed without my knowledge and I was getting different password reset attempts throughout yesterday".

"Quite concerning," she added.

The incident comes amid concerns about the impact of increasingly capable and common AI systems on people's data and security.

Videos shared on social media purported to show how Instagram hacks could take place.

One, shared by cybersecurity researcher Dark Web Informer on X, showed someone searching for the username of an account they wished to gain access to as part of Instagram's recovery process.

They were also shown to be using a virtual private network (VPN) service to pretend to be in the real account holder's location.

After selecting the account they wanted to access, they sent a message to Instagram's Meta AI support assistant asking to link a new email to the account and send it a verification code.

The bot followed through with the request - sending a code to the hacker's email which, when verified, was followed by an email with a link to change their password.

One X user wrote that they had been unable to find "human support" after their Instagram account was hacked.

"We're at the point where one AI stole it and another can't fix it, zero humans in the loop anywhere," they said.

The BBC has asked Meta whether human support workers are available to help users whose accounts have been hacked.

The company has faced scrutiny over lack of support for users when their accounts are hacked or suspended in error.

An independent body which hears disputes from social media users in the EU said last week that Meta virtually never replies when it raises cases of people who say they have been wrongly banned from their accounts.

It also recently made huge cuts to its workforce amid billions of dollars of spending on AI.
