
Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access


Instagram has resolved a security issue that allowed multiple users’ accounts to be hacked. The attack appears to rely on tricking Meta’s AI-powered support chatbot into granting access to the victim’s account.

Over the weekend, numerous users on Reddit said that their Instagram accounts were hacked, and a number of users on X warned of similar account hijackings. The hacked accounts include the Instagram handle of the White House under Obama, which appears to have been inactive since 2017, and the account of the first sergeant in the US Space Force John Bentivegna.

Security researcher Jane Wong said her Instagram account was also hacked.

“My password was changed without my knowledge, and I was receiving various attempts to reset the password all yesterday,” said Wong. “Very disturbing.”

A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the target’s supposed location to avoid triggering automated security for the Instagram account. The hacker then opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, prompting the chatbot to show a “reset password” button. The hacker enters a new password and takes over the victim’s account.

Contact us

Do you have more information about these Instagram hacks? Or other flaws affecting Instagram? We would love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or email.


TechCrunch was able to verify that the hacker’s public email inbox, which was shown in the video, did in fact receive the verification code.

The attack relied on the fact that at no point did the hacker have to take over the legitimate email address associated with the victim’s Instagram account.
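The gap described above, modeled as an added example (not code from the article or from Meta): a verification code sent to an address the requester has just supplied proves control of that inbox only, while a challenge sent to an address already on file ties the change to the account owner. The `SupportFlow` class, its method names, the example addresses and the hardened behaviour are assumptions made for illustration.

```python
import hmac
import secrets

class SupportFlow:
    """Toy model of an assistant-driven recovery flow (hypothetical)."""
    def __init__(self, emails_on_file, hardened):
        self.emails_on_file = list(emails_on_file)  # already-verified contacts
        self.hardened = hardened
        self.password = "original"   # toy field; real systems store a hash
        self.outbox = {}             # address -> code "delivered" there
        self._pending = None         # (requested address, code), single use

    def request_add_email(self, requested):
        """Requester asks to attach a new address; returns where the code went."""
        if self.hardened:
            # Challenge an address already on file: the requester must prove
            # control of an existing verified contact before anything changes.
            dest = self.emails_on_file[0]
        else:
            # Flow described in the article: the code goes to the address the
            # requester just supplied, which proves control of that inbox only.
            dest = requested
        code = f"{secrets.randbelow(10**6):06d}"
        self.outbox[dest] = code
        self._pending = (requested, code)
        return dest

    def confirm_and_reset(self, code, new_password):
        """Check the code; on success add the address and reset the password."""
        if self._pending is None:
            return False
        requested, expected = self._pending
        self._pending = None         # one attempt per code, pass or fail
        if not hmac.compare_digest(code, expected):
            return False
        self.emails_on_file.append(requested)
        self.password = new_password
        return True

def simulate(hardened):
    """Constructed scenario: the requester can read only requester@example.net."""
    flow = SupportFlow(["owner@example.com"], hardened)
    sent_to = flow.request_add_email("requester@example.net")
    code = flow.outbox.get("requester@example.net", "")  # "" if nothing arrived
    changed = flow.confirm_and_reset(code, "new-password")
    return sent_to, changed, flow.emails_on_file

if __name__ == "__main__":
    print(simulate(hardened=False), simulate(hardened=True))
```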

Andy Stone, an Instagram spokesperson, said on Monday, in replies to Wong and others, that the issue has now been resolved. It’s not clear how many Instagram users had their accounts improperly accessed.

Meta did not immediately respond to TechCrunch’s request for comment.
