Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
Summary
Hackers exploited Meta's AI support bot to gain unauthorized access to Instagram accounts, including those of the Obama White House and the U.S. Space Force Chief Master Sergeant. Instructions circulating on Telegram showed users how to trick the AI into resetting account passwords, and the affected accounts were briefly defaced with pro-Iranian content.
IFF Assessment
This article details malicious actors successfully exploiting an AI system to take over accounts, an outcome that is detrimental to defenders.
Defender Context
This incident highlights a new attack vector that leverages AI-powered customer support tools, and it underscores the need for robust input validation and prompt injection defenses in AI assistants. Defenders should monitor for similar attacks against the AI interfaces that organizations and individuals rely on, in order to protect sensitive accounts.