Meta AI Hack: Hackers Tricked Meta AI to Gain Control of Several High-Profile Instagram Accounts
मुख्य बातें
- •Hackers tricked Meta AI to gain control of several high-profile Instagram accounts
- •Meta AI claims to have resolved the issue
- •Hackers manipulated the Meta AI chatbot to receive a password reset code on their own email address
- •The attack did not rely on advanced malware or phishing scams, as per online demonstrations and videos
- •Security researchers Jaxbti and Dark Web Informer were the first to expose this flaw
A shocking piece of news has recently emerged, where hackers tricked Meta AI to gain control of several high-profile Instagram accounts. These accounts include those of Sephora, a White House handle from the Obama era, and a senior official of the US Space Force. This attack exposes a significant vulnerability in Meta AI's security, which was easily exploited by the hackers. According to Meta AI, the issue has been resolved, but the attack raises a big question: are our online accounts really secure? The hackers manipulated the Meta AI chatbot to receive a password reset code on their own email address, eliminating the need to access the Instagram account holder's email or phone. The attack, as per online demonstrations and videos, did not rely on advanced malware or phishing scams but rather exploited the Meta AI assistant. Security researchers Jaxbti and Dark Web Informer were the first to bring this flaw to light, stating that hackers had found a way to manipulate the Meta AI assistant. When users reported their accounts being hacked, the case drew everyone's attention. The hackers first used a VPN to make it appear as if they were logging in from the same region as the targeted account. They then went to the Instagram login page and clicked on "Forgot Password" to initiate a chat with the Meta AI support assistant via the "Get Support" feature. The hackers used carefully crafted prompts to convince the chatbot to add a new email address to the victim's account. As soon as the AI assistant accepted the request, it sent a verification code to the attacker's controlled email address instead of the real account owner's. After entering the verification code into the chatbot, the attackers were given the option to reset the password. The hackers then created a new password and gained control of the account without accessing the victim's real email inbox or phone number. According to a report by TechCrunch, the publication verified a part of the attack. The report also stated that this method did not always work on the first attempt, which is why hackers sometimes had to repeat the process several times before the chatbot complied. This attack raises a big question: are our online accounts really secure, and should we be more cautious when it comes to our account security?
