Hackers exploit Meta's AI to seize valuable Instagram accounts

Cybercriminals have exploited a vulnerability in Meta's AI-powered Instagram assistant, enabling them to seize high-value accounts within minutes by bypassing two-factor authentication. Darius Povilaitis, head of cybersecurity at Telia, warns this marks a new phase of online threats where human vigilance alone is insufficient.

“

It is easy to imagine how helpless people feel when they lose their accounts without making any mistakes themselves.

According to Povilaitis, hackers used a VPN connection to prompt Meta's AI assistant to transfer account ownership, including changing the associated email address. The AI reportedly granted the request without verifying the true owner's identity, leaving account holders unable to react. This allowed attackers to gain control of accounts, including a former White House account from the Obama era and an official Sephora profile, subsequently offering valuable short usernames for sale on Telegram.

“

They didn't need to break anything, create any malicious programs, or send deceptive links – the robot gave everything away itself, and the real owners didn't even have time to react and understand what happened.

Security researchers identified the core issue as the AI system improperly granting permissions. The AI, capable of altering account data, accepted the attacker's request without confirming their identity, sending the verification code directly to the assailant. True account owners received no warnings during this process.

“

This 'Meta' incident shatters the myth that the infrastructure of large technology corporations automatically guarantees user safety.

Povilaitis emphasized that this Meta incident shatters the illusion that large tech corporations' infrastructure guarantees user safety. He noted the increasing trend of malicious actors quickly adapting innovations like AI for their own ends. As humans struggle to keep pace with complex systems and daily monitoring, Povilaitis advocates for automated, AI-driven security solutions to protect user data from AI errors and attacks.

“

Humans get tired, and threats grow.