Hackers Compromise Several High-Profile Instagram Accounts—Here's How They Outsmarted Meta AI..

It wasn't just ordinary users—even Meta AI fell victim to a hacker's ploy. While this may sound strange and astonishing, it is indeed true. Essentially, hackers outsmarted Meta AI by soliciting its assistance to gain control over several high-profile Instagram accounts. This issue came to light recently when hackers allegedly seized control of several prominent Instagram accounts, including those belonging to Sephora, the Obama-era White House handle, and a senior official within the U.S. Space Force.

Meta has stated that this vulnerability has since been resolved. The hackers manipulated the Meta AI chatbot to have password reset codes sent directly to their own email addresses, thereby eliminating the need to gain access to the Instagram account holder's actual email or phone number.

**How ​​Did the Issue Come to Light?**
Security researchers ZachXBT and Dark Web Informer were the first to expose this flaw to the public, revealing that hackers had discovered a method to manipulate the Meta AI assistant. The matter garnered widespread attention after users on platforms such as X, Reddit, and Telegram began reporting that their accounts had been hacked.

**How ​​Was Meta AI Deceived?**
According to demonstrations and videos shared online, this attack did not rely on advanced malware or phishing scams. Instead, the hackers allegedly exploited the Meta AI assistant itself. First, the hackers used a VPN to spoof their location, making it appear as though they were logging in from the same geographical region as the targeted account. They then navigated to the Instagram login page, clicked on "Forgot Password," and initiated a chat with the Meta AI support assistant via the "Get Support" feature.

Subsequently, the hackers employed carefully crafted prompts to persuade the chatbot to add a new email address to the victim's account. Once the AI ​​assistant accepted the request, it sent the verification code to the email address controlled by the attacker, rather than to the actual account owner. After entering the verification code into the chatbot, the attackers gained access to the password reset option. Consequently, the hackers created a new password and seized control of the account without ever accessing the victim's actual email inbox or phone number.

According to a report by TechCrunch, the publication verified a specific segment of the attack. The report further noted that this method did not always succeed on the first attempt; consequently, the hackers sometimes had to repeat the process multiple times before the chatbot accepted the input.

Disclaimer: This content has been sourced and edited from TV9. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.