/
Navigation
Chronicles
Browse all articles
Explore
Semantic exploration
Research
Entity momentum
Nexus
Correlations & relationships
Story Arc
Topic evolution
Drift Map
Semantic trajectory animation
Posts
Analysis & commentary
Pulse API
Tech news intelligence API
Browse
Entities
Companies, people, products, technologies
Domains
Browse by publication source
Handles
Browse by social media handle
Detection
Concept Search
Semantic similarity search
High Impact Stories
Top coverage by position
Sentiment Analysis
Positive/negative coverage
Anomaly Detection
Unusual coverage patterns
Analysis
Rivalry Report
Compare two entities head-to-head
Semantic Pivots
Narrative discontinuities
Crisis Response
Event recovery patterns
Connected
Search: /
Command: ⌘K
Embeddings: large
TEXXR
TEXXR

Chronicles

The story behind the story

days · browse · Enter similar · o open

Hackers say they used Meta's AI support chatbot to change emails tied to Instagram accounts, amid a wave of high-profile account takeovers; Meta fixed the issue

The exploit shows the extreme risk of offloading technical support to AI.  —  Hackers say that they used Meta's AI support chatbot …

404 Media Jason Koebler

Related Coverage

Discussion

  • @zachxbt @zachxbt on x
    @wirelyss @Polymarket It's likely because there was a massive Instagram / Meta exploit over the weekend that was just patched. Basically the Meta AI support is garbage and has lots of access perms which allowed you to reset passwords to any user without 2FA and did not verify who…
  • @andymstone Andy Stone on x
    @nikitabier @wongmjane This claim about world leaders is totally false. The issue that did happen has already been fixed.
  • @andymstone Andy Stone on x
    @howfxr This issue has been resolved and we are securing impacted accounts.
  • @gergelyorosz Gergely Orosz on x
    Apparently this was not a sophisticated hack. But engineers at Instagram going overboard to use AI for everything, and having no incentives for stuff like... security. Inside the security org. You get what you incentivize. A warning for any company wanting to copy Meta...
  • @gergelyorosz Gergely Orosz on x
    What I'm hearing: Instagram's Trust and Safery org absolutely gutted the last few weeks. ~60% of the org gone - between layoffs and forced reassignments to data labelling. All while “AI maxxing” pushed a bunch of bugs to prod. And hence why today's massive Insta account takeover
  • @nikitabier Nikita Bier on x
    @wongmjane This is easily the biggest breach in Meta/Facebook history. Basically all DMs of world leaders were made public by this. And this happened only a month after they deprecated end-to-end encryption. [image]
  • @gergelyorosz Gergely Orosz on x
    It's wild how Meta - a company going all-in on AI - somehow missed the memo on how AI can generate images and videos that renders “take a selfie of yourself” verifications utterly useless So now Instagram accounts hacked at scale. 2FA also fully bypassed - by Meta's own design
  • @cartidise Noah Cat on x
    This is why I hate AI integration in social media apps This guy just exploited Meta AI to get access to an Instagram account in less than 2 minutes [video]
  • @wongmjane Jane Manchun Wong on x
    Even my Instagram account got hacked The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app Quite concerning
  • @osinttechnical @osinttechnical on x
    Appears that the Chief Master Sergeant of the Space Force's Instagram account has been compromised by Iranian hackers, and has been posting Iranian propaganda for the last hour. [image]
  • @darkrai @darkrai on x
    I have been hacked somehow when having 2FA on my account. There is a bug / exploit going around where anyone can login and change your password. @instagram I lost my user @darkrai from this bug and cannot do anything about it, please fix this shit
  • @lowleveltweets @lowleveltweets on x
    there's no way this is real oh my fucking god tldr: AI support system accepts AI generated video of the users profile picture for email change and password reset. Great work as usual Meta
  • @oracles André on x
    Today Instagram had this massive exploit where hackers were just stealing rare handles left and right. Hundreds of accounts gone. People losing handles they've owned since 2010, some worth hundreds of thousands. I own a few rare ones so I was actually stressed watching this [imag…
  • @lauren.rotatingsandwiches.com Lauren on bluesky
    a small part of the problem with AI is that even if you see good use cases for the technology, focusing on them is a little like saying radiotherapy is going to be great for treating cancer while stores still have radium toothpaste on the shelves  —  www.404media.co/hackers-simp.…
  • @karlbode.com Karl Bode on bluesky
    this really is wild  —  they just asked Meta AI chatbot support for access to high profile accounts and it obliged  —  comes after Google complete broke its search results  —  these are not serious, capable companies deserving of professional respect.  they rushed shit product to…
  • @josephcox Joseph Cox on bluesky
    This is absolutely nuts: hackers are hijacking high-profile Instagram accounts by simply asking Meta's AI chatbot to change the email on the account.  Meta's AI does it, hacker gets password reset code, they're in.  A staggering security issue  —  www.404media.co/hackers-simp...
  • @nslayton Nicholas Slayton on bluesky
    Seems like the highest level hack of a U.S. military or defense official during the Iran War.  Appears to have been limited to shit talking Instagram stories and one-two grid posts for several hours. taskandpurpose.com/culture/spac...
  • @nslayton Nicholas Slayton on bluesky
    So pro-Iranian hackers got access to the top enlisted member of Space Force's Instagram and spent Sunday evening posting Ali Larijani fan cams, Hanoi Hannah audio and Game of Thrones memes. taskandpurpose.com/culture/spac...
  • r/technology r on reddit
    Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts.  It Worked
  • @jonoringer Jon Oringer on x
    I got hit with this and blocked them before I opened the attachment ... about 10 DMs yesterday on Sunday - and even got a few more today.
  • @joemenn Joseph Menn on bluesky
    In other news, a large number of security experts were among the thousands laid off by #Meta last month.  [embedded post]
  • @dangillmor@mastodon.social Dan Gillmor on mastodon
    https://www.404media.co/... Meta, one of the richest companies in the world, can't be bothered to get basic security right.
  • r/BetterOffline r on reddit
    Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts.  It Worked
  • @darkwebinformer @darkwebinformer on x
    🚨 Instagram had an exploit that allowed you to use Meta AI to reset passwords to accounts with no MFA on them. The exploit was patched a short time ago. [video]
  • @404media.co @404media.co on bluesky
    This is what happens when you replace customer service with an AI chatbot: Instagram users getting hacked in the dumbest possible way. @jasonkoebler.bsky.social has more.  —  Read now: www.404media.co/hackers-simp...
  • r/cybersecurity r on reddit
    Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts.  It Worked
  • @sentdefender @sentdefender on x
    Iranian hackers appear to have breached an Instagram account run by the Chief Master Sergeant of the U.S. Space Force, John F. Bentivegna, which has been posting Iranian propaganda for the last few hours, including an infamous psychological warfare broadcast made by Hanoi Hannah …
  • r/pcmasterrace r on reddit
    Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts.  It Worked
  • @heaney555 David Heaney on x
    @andymstone ... Nikita is pointing out, correctly, that attackers could have used this to access the DMs of world leaders, because this (full-access!) exploit impacted any account included in the (fairly wide!) Meta AI Support Assistant rollout, even those with 2FA enabled. Do yo…
  • @nikitabier Nikita Bier on x
    @andymstone @wongmjane Which accounts were taken over? By your definition, is Obama not a world leader?
  • @supbagholder @supbagholder on x
    Selloff today was probably deserved. Meta AI chatbot exploit allowed users to bypass 2fa and hack accounts. Already patched and fixed by Meta. But not a good look at all.
  • @devahaz Deva Hazarika on x
    @GergelyOrosz From this thread it's not clear this selfie verification even came up in the normal flow of this exploit
  • @immasiddx Sid on x
    People are now tricking Meta's AI support assistant to gain access to other people's Instagram accounts. This is exactly why AI should never have the authority to make account recovery decisions. [video]
  • @bahrambiz Bahram Sahbani on x
    Here is the full method: (How to hack Instagram accounts) Disclaimer: this video was posted on Telegram, and I have not attempted to use it. The purpose of this post is to show you how @AIatMeta sucks and how AI is falsely disabling accounts & has serious problems like these. [vi…
  • @weezerosint @weezerosint on x
    meta put out a blog post 3 months ago bragging that their AI support reduced account hacks by 30%. yesterday the obama white house instagram got taken over using that same AI. you can't make this up [image]
  • @todayyearsold @todayyearsold on x
    This is why people don't want AI replacing customer support
  • @vitalikbuterin @vitalikbuterin on x
    This is why: * Self-sovereign identity, data and money (so you control your account, not a third-party provider) * CROPS AI (so other people cannot do this to *your computer* https://vitalik.eth.limo/... )
  • @gergelyorosz Gergely Orosz on x
    @devahaz I'm hearing it did not, and internal speculations that it's thanks to pushing more and more AI generated code + much fewer left to review and catch stuff, between being laid off, and reassigned to data labelling (about 40% of the org moved off of security to label)
  • @kornbuilds Korn on x
    my instagram (@ korn) was stolen overnight via the Meta AI exploit and was subsequently disabled. it was Meta Verified, facial scan verified, and had 0 TOS violations. the account is the sole source of my income. i spent 6 hours trying to get human support and meta's support [ima…
  • @joshuafoust.com Joshua Foust on bluesky
    Guys I'm sorry but this is just objectively funny!
  • @datnofact @datnofact on bluesky
    Who could have foreseen that giving customer-facing AI chatbots access to internal system tools would go wrong.  [embedded post]
  • @faineg Faine Greenwood on bluesky
    Hey you know what I've been saying for the past decade about Meta being both extremely evil and extremely stupid  —  www.404media.co/hackers-simp...
  • @golikehellmachine.com @golikehellmachine.com on bluesky
    if this is what's happening, it's not an “AI” problem as much as it is a staggering product management and security failure [embedded post]
  • @lizharvey Liz Harvey on bluesky
    I'm laughing as someone who lost an Instagram account that I had for over 10 years because no one works for this company.  There's no customer support.  There's no getting an account back.  —  The only success stories you hear is because someone personally knew one of the few emp…
  • @jason_koebler Jason Koebler on x
    New: Hackers have been stealing high-profile Instagram accounts by simply asking Meta's AI support chatbot to change the email associated with the account they want to steal. Shockingly easy, terrible flaw associated with offloading support to AI: https://www.404media.co/...
  • r/50501Movement r on reddit
    Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts.  It Worked
  • r/UnderReportedNews r on reddit
    Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts.  It Worked