In a shocking revelation, Instagram has confirmed that hackers exploited a vulnerability in its AI chatbot, allowing unauthorised access to users’ accounts. This incident has raised significant alarm among users and security experts alike, especially given the high-profile accounts that were reportedly compromised. Instagram has since announced that the issue has been addressed and that it is taking steps to secure affected accounts.
Hackers Outsmart AI: A Recipe for Disaster
Recent reports surfaced on social media, featuring screenshots and videos that illustrate how hackers managed to manipulate Instagram’s AI support tool. By appearing to connect from the location of legitimate account holders, they could request changes to account details, such as email addresses and passwords. The ease with which this was achieved has led many to question the security measures in place for such a critical feature.
A Meta representative, Andy Stone, sought to reassure users in a statement on X, saying, “This issue has been resolved and we are securing impacted accounts.” However, Stone dismissed claims that this vulnerability was used to breach accounts belonging to world leaders as “totally false,” putting to rest some of the more sensationalised narratives circulating online.
High-Profile Accounts Targeted
Among the most alarming cases was the reported takeover of the verified Instagram account once used by former US President Barack Obama. Shortly after being compromised, the account began posting pro-Iran content before being restored. While the exact number of accounts affected remains unclear, security researcher and former Meta employee Jane Manchun Wong claimed her password was changed without her consent, highlighting the serious implications of this breach.

This incident comes at a time when the integration of AI into customer support systems is becoming commonplace across various sectors. Yet, as illustrated by this event, the reliance on AI without adequate human oversight can lead to severe security risks.
The Role of AI in Account Recovery
Videos shared by cybersecurity experts demonstrated how the hacking process unfolded. In one instance, a user employed a virtual private network (VPN) to mask their location while initiating the account recovery process. By communicating with Instagram’s AI assistant, they requested a new email link and received a verification code that enabled them to reset the password.
One user lamented, “We’re at the point where one AI stole it and another can’t fix it, zero humans in the loop anywhere.” This highlights a critical flaw in the current system, where automated processes lack the necessary checks to verify account ownership.
Concerns Over AI-Driven Support
Marijus Briedis, CTO at NordVPN, pointed out the dangers of AI chatbots having excessive authority without proper verification protocols. “Account recovery is one of the most sensitive parts of any platform,” he emphasised, urging that it should not solely rely on convenience, as the person requesting access may not be the rightful owner.
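One way to enforce the kind of verification described above, shown as an added example that is not Instagram's or Meta's code: a policy gate placed between a support chatbot and account-recovery actions, so that a location match or anything said in the chat never authorises a change of ownership on its own. All evidence labels, action names and obligations are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    HUMAN_REVIEW = "human_review"
    DENY = "deny"


# Hypothetical labels. STRONG proves control of a factor already bound to the account.
STRONG = {"code_to_registered_email", "code_to_registered_phone", "totp", "passkey"}
# WEAK can be reproduced by anyone, e.g. an IP location match obtained through a VPN.
WEAK = {"ip_geo_match", "known_username", "claims_in_chat"}
# Actions that change who controls the account.
SENSITIVE = {"change_email", "reset_password", "send_code_to_new_address"}


@dataclass
class RecoveryRequest:
    account_id: str
    action: str
    # Filled in by the backend after it checks each factor, never by the chatbot.
    verified_evidence: set = field(default_factory=set)


def authorize(req):
    """Return (Decision, obligations) for an action the assistant proposes."""
    if req.verified_evidence - STRONG - WEAK:
        return Decision.DENY, []          # fail closed on unrecognised evidence
    if req.action not in SENSITIVE:
        return Decision.ALLOW, []         # e.g. showing a help article
    if req.verified_evidence & STRONG:
        # Owner is told through the old contact and gets a window to undo the change.
        return Decision.ALLOW, ["notify_previous_contacts", "delay_before_effective"]
    # Weak signals only: the requester may be the owner, but nothing proves it.
    return Decision.HUMAN_REVIEW, []


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        RecoveryRequest("acct-1", "change_email", {"ip_geo_match", "claims_in_chat"}),
        RecoveryRequest("acct-1", "change_email", {"ip_geo_match", "totp"}),
        RecoveryRequest("acct-1", "show_help_article"),
    ]
    for s in samples:
        print(s.action, sorted(s.verified_evidence), authorize(s))
```

The gate decides only on evidence the backend has verified, so the assistant can be persuaded of anything in conversation without gaining the ability to redirect a verification code or reset a password.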

The growing dependence on AI for customer service raises further questions about the adequacy of human support. The BBC has reached out to Meta to ascertain whether any human assistance is available for users whose accounts have been compromised.
Why it Matters
The ramifications of this incident extend beyond individual account security; they underscore profound concerns about the reliability of AI systems in safeguarding personal information. As social media platforms increasingly adopt AI-driven solutions, the necessity for robust human oversight becomes ever more critical. Users must feel confident that their data is secure, and that there are mechanisms in place to address breaches effectively. This incident serves as a wake-up call for Instagram and other tech giants to reassess their security protocols and ensure that user trust is not compromised in the rush to innovate.