Instagram is alerting users who were targeted by hackers in AI chatbot attacks


The large-scale hacking campaign that relied on simply asking Meta AI’s chatbot to take over a victim’s Instagram account appears to have continued even after the company said the issue had been resolved. At the same time, the company is striving to secure targeted accounts and alert victims.

Over the weekend, hackers claimed to be exploiting Meta’s AI-powered chatbot to take over several high-profile Instagram accounts. Meanwhile, a large number of people complained on social media that their Instagram accounts had been hacked, some of them accounts with short, unique profile handles.

TechCrunch has seen examples of allegedly hacked handles containing common first names or country names, which can then be resold almost as collectibles on a gray market for so-called “OG handles.” Other victims of the hacking wave appear to be the dormant Obama White House account (which Meta disputed), and that of the US Space Force’s Master Sgt John Bentevegna.

These attacks were so simple that calling them a hack might give the people behind them too much credit, while at the same time not putting enough blame on Meta for not preventing the primitive attacks from hijacking people’s accounts.

The hackers simply told Meta’s chatbot that they were the target’s account holder, and asked the bot to link that person’s account to an email they controlled. The chatbot complied with the request, allowing the hacker to reset the target account’s password and take control of the account, which in some cases resulted in victims being locked out. No Meta employees or contractors participated in the chat at any time.

A screenshot showing a successful takeover, posted to a Telegram group where the hackers were sharing the technique, as well as bragging about their hacks. Image credits: TechCrunch (screenshot)

On Monday, Meta spokesman Andy Stone said that “the problem that occurred has already been solved.”

But on Tuesday, even more Instagram users claimed that their accounts had been hacked.

At the same time, TechCrunch saw discussions between members of the Telegram channel where the hacking technique was advertised, who claimed to still be able to exploit Meta’s chatbot, and were advertising hacked handles for sale, at the time of TechCrunch’s writing. (It’s important to note that it’s difficult to know if all of these accounts were hacked due to the same technique.)

Contact us

Do you have more information about these Instagram hacks? We would love to hear from you. From a device and network outside of work, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or by email.

Later, in a post on X, Stone said: “Some people may receive password reset notifications and some may be asked security questions when they try to log in to their accounts.”

Stone told TechCrunch in an email that Meta secured the affected accounts on Monday, then began sending password reset emails. When asked by TechCrunch, Stone did not say how many users were hacked.

Several people reported that Meta began notifying users that they had been targeted. Victims publicly reported receiving emails from Instagram warning them that the company had “detected some suspicious activity that indicates your Instagram may have been hacked.” The message also stated that the company had taken measures to secure the account, and asked the user to reset their password.

An example of an email sent to a victim of the hacking campaign, which was shared with TechCrunch. Image credits: TechCrunch

As 404 Media noted, Meta announced in March that it was applying artificial intelligence to automate its support for users, saying its AI-powered chatbot was “designed to solve account issues from start to finish” and would have the ability to “securely reset your password.” This suggests that the chatbot can perform actions that might previously have required a human in the loop, given how important they are.

For years, there has been a thriving market in which hackers steal and then sell “OG” usernames, a reference to the usernames and handles used by early users of Instagram. However, in the past, taking control of these accounts required more sophisticated strategies, such as phishing the victim, taking over their phone numbers, or bribing insiders at telecom companies.

Here, the hackers just asked, and Meta’s chatbot responded.
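The failure described above is that a claim typed into a chat was treated as proof of identity for an account-changing action. As an added example (not from the article and not Meta's code), the sketch below gates an assistant's tool calls on server-side session state only; the action names, the `Session` fields and the step-up flag are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical tool names: the article does not describe Meta's internal tooling.
SENSITIVE_ACTIONS = {"link_email", "reset_password"}

@dataclass(frozen=True)
class Session:
    # Set only by the login system; never derived from what the user types.
    authenticated_account: Optional[str] = None
    # True after a code was confirmed via contact info ALREADY on file.
    step_up_verified: bool = False

@dataclass(frozen=True)
class ToolCall:
    action: str
    target_account: str
    args: dict = field(default_factory=dict)

def authorize(call: ToolCall, session: Session):
    """Return (allowed, reason) using server-side session state only.

    Chat text such as "I am the account holder" is not an input here,
    so the model cannot be talked into supplying its own evidence.
    """
    if call.action not in SENSITIVE_ACTIONS:
        return True, "non-sensitive action"
    if session.authenticated_account != call.target_account:
        return False, "session is not authenticated as the target account"
    if not session.step_up_verified:
        return False, "step-up verification on an existing contact channel required"
    return True, "authenticated and step-up verified"

def dispatch(call: ToolCall, session: Session, audit_log: list) -> bool:
    """Gate a tool call and record the decision for detection and review."""
    allowed, reason = authorize(call, session)
    audit_log.append({"action": call.action, "target": call.target_account,
                      "allowed": allowed, "reason": reason})
    return allowed

if __name__ == "__main__":
    # Constructed sample: an unauthenticated chat asks to attach a new email.
    log = []
    call = ToolCall("link_email", "example_handle", {"email": "new@example.test"})
    print(dispatch(call, Session(), log), log[-1]["reason"])
    print(dispatch(call, Session("example_handle", True), log), log[-1]["reason"])
```

Denied entries in the audit log for sensitive actions are also a useful detection signal: repeated refusals against many different target accounts from one session or network indicate someone probing the assistant.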
