Meta's AI-powered chatbot was exploited by hackers to take over numerous Instagram accounts. This incident highlights the risks of tech companies entrusting AI with handling sensitive requests, such as changing login emails or recovering accounts.
According to 404 Media, numerous videos demonstrating how to exploit the vulnerability have circulated in Telegram groups used by hackers and security researchers. The method is described as quite simple: hackers use location masking tools to make the system believe they are near the account owner's location, then instruct Meta's support chatbot to change the email address associated with the target Instagram account.
When the email address is changed, the attacker can request a password reset and gain control of the account. Some Instagram accounts with short, memorable names or associated with celebrities can be bought and sold at very high prices on the unofficial market.
Meta stated that the issue has been resolved and the company is protecting affected accounts. According to 404 Media, Meta urgently patched the vulnerability on May 29th. However, it is currently unclear how many accounts were compromised before that date.
The Meta logo is displayed at the LlamaCon 2025 AI developer conference in Menlo Park, California, USA, on April 29, 2025. (Photo: AP)
Several prominent accounts are believed to have been affected, including the Barack Obama White House account, the account of a senior Space Force official, and the account of retailer Sephora. The Barack Obama White House account had posted images and messages supporting Iran during the period of the hack.
Security experts suggest that users should still enable multi-factor authentication to reduce the risk of account compromise. This measure requires login users to verify their identity in addition to their password, such as entering a code sent via text message.
The incident raises questions about the security of AI tools in customer support services. If AI has the authority to change account information, the system needs to conduct independent checks before allowing changes to email addresses, password resets, or other critical operations.
Source: https://vtv.vn/chatbot-ai-cua-meta-bi-loi-dung-de-chiem-tai-khoan-instagram-100260602150127808.htm
![[Photo] General Secretary and President To Lam presides over a meeting on preparations for the review of one year of operation of the three-tiered government system.](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2026/06/02/1780391821195_a1-bnd-4595-9717-jpg.webp)
Comment (0)