**
In a shocking turn of events, Instagram’s AI chatbot has been exploited by hackers, granting them unauthorized access to users’ accounts. This alarming breach has raised significant concerns about the safety of personal data on one of the world’s most popular social media platforms. Instagram has since declared that the issue has been resolved, but the implications of this incident linger, especially as it highlights vulnerabilities in AI-driven customer support systems.
The Exploit Uncovered
Recent reports indicate that hackers found a way to deceive Instagram’s AI support tool, allowing them to “hijack” accounts with relative ease. By manipulating their apparent location and convincing the AI to update account emails, these cybercriminals could change passwords and take control of various profiles.
Andy Stone, a spokesperson for Meta, Instagram’s parent company, assured users via a statement on X that the issue had been addressed and that efforts were underway to secure affected accounts. However, he dismissed claims that this vulnerability had been exploited to access the accounts of high-profile figures, calling them “totally false.”
High-Profile Accounts Targeted
The timing of these vulnerabilities coincided with a series of notable Instagram account takeovers, including one belonging to Barack Obama that had been active during his presidency. Reports suggest that this account was used to disseminate pro-Iran content before it was recovered, raising eyebrows and intensifying scrutiny over Instagram’s security measures.
Security researcher and former Meta employee Jane Manchun Wong also reported her own experience, stating that her password was changed without her consent and that she had seen multiple attempts to reset her account. “Quite concerning,” she remarked, encapsulating the anxiety many users now feel about their account security.
How the Hack Occurred
Footage shared across social media platforms illustrates how these hacks were executed. Cybersecurity analyst Dark Web Informer showcased a method where a hacker searched for a target account during Instagram’s recovery process while utilising a VPN to mask their true location. Following this, they engaged the AI assistant to link a new email address to the account, subsequently receiving a verification code that enabled them to reset the password.
In light of this, one disgruntled user lamented the lack of human support in their time of need, saying, “We’re at the point where one AI stole it and another can’t fix it, zero humans in the loop anywhere.”
The Implications of AI in Customer Support
As companies increasingly integrate AI tools to streamline customer service, experts warn of the potential pitfalls. Marijus Briedis, Chief Technology Officer at NordVPN, cautioned that when AI chatbots are given excessive authority without adequate verification measures, they can become significant security liabilities. He emphasised that account recovery processes should not sacrifice thoroughness for convenience, as it risks granting access to the wrong individuals.
The BBC has reached out to Meta regarding the availability of human support for users who have fallen victim to hacking incidents. Concerns persist about the company’s responsiveness; an independent EU body that mediates disputes for social media users recently noted that Meta rarely addresses cases involving erroneous account bans.
Why it Matters
The vulnerability of Instagram’s AI support system serves as a critical reminder of the need for robust security measures in an increasingly digital world. With the reliance on AI tools growing, companies must ensure that these systems are not only efficient but also secure. The integrity of user data and the trust of millions hang in the balance, and this incident must prompt a reevaluation of how personal information is safeguarded against ever-evolving cyber threats. As users become more aware of these risks, companies like Meta will need to take significant steps to reassure their customers that their information is protected.
