Meta's AI support assistant has been helping hackers get access to high-profile Instagram accounts, according to reports on social media. With no verification check, Meta AI would change the email address associated with an Instagram account, allowing the password to be updated.
Meta introduced its AI support assistant back in December with the aim of making it easier for customers to access 24/7 account support. It can be used for reporting scams, getting information on content removal, and resetting passwords. The latter option is what bad actors were able to exploit.
The Instagram vulnerability showed up on social media over the weekend, with demonstrations of the simple steps taken to get access to an account. In one demo, a hacker asks Meta's support bot to change the email address linked to a target Instagram account, and the AI does it without question.
Meta's support did not do robust identity verification, and in some cases, it appears it bypassed two-factor authentication. All that was required was a VPN connection set to a location near the target account, which is trivial. Meta appeared to be verifying account ownership based on location. "Our systems recognize the device you usually use and familiar locations better than ever," reads Meta's blog post on its AI support agent. In some cases, users were asked to verify their identity with a selfie, which was bypassed using AI.
For a short period of time, the exploit was available to the public, and account takeovers ramped up. One security researcher said Telegram channels that offer black market Instagram services "made lots of $$$" with Meta's AI. 404 Media said hackers have been aware of the exploit since March.
Meta patched the issue over the weekend, and today, Meta's VP of communications Andy Stone said the issue has been fixed. Meta is now "securing impacted accounts."
Information about the Instagram attack vector comes after hackers were able to take over accounts for Sephora, the Chief Master Sergeant of the Space Force, researcher Jane Manchun Wong, developer Albert Renshaw who owned @albert, and the archived Barack Obama White House account. Multiple other users with desirable Instagram handles reported having their accounts taken.
Some users who have had their accounts stolen over the weekend were not able to use the AI to get their accounts back, and there was no option to speak with a human for help.
