META
The bot blinked
Instagram says it has fixed a bug that reportedly let hackers trick its AI support tool into giving them access to other people’s accounts.
Posts shared on social media claimed hackers could use Instagram’s recovery process to change the email linked to an account, then reset its password.
Some reportedly used VPNs to make it look like they were in the account holder’s location.
Meta spokesperson Andy Stone said the issue had been resolved and that affected accounts were being secured.
He also denied claims that world leaders’ accounts were hacked through the flaw.
It is unclear how many accounts were affected.
However, 404 Media reported that posts about the bug appeared around the same time as several high-profile Instagram takeovers, including a verified account once used by Barack Obama.
Security researcher and former Meta employee Jane Manchun Wong also said her Instagram password had been changed without her knowledge.
The incident has raised concerns about AI support tools being used for sensitive tasks like account recovery.
In brief
Hackers reportedly used VPNs to fake their location.
Instagram’s AI support tool allegedly approved risky account changes.
Some users said they struggled to reach human support after being hacked.
VPNs did overtime
Cybersecurity experts warned that AI support tools can become a security risk if they are given too much control without enough checks.
This is like one of those worst case scenarios you’d think can’t ever happen - MV