Hackers trick Meta AI into handing over Instagram accounts – including Barack Obama’s

Hackers Trick Meta AI into Handing Over Instagram Accounts

Hackers trick Meta AI into handing - Recent security flaws have revealed how hackers manipulated Meta's AI-powered Instagram platform, gaining access to notable accounts like Barack Obama’s. The exploit, confirmed by Meta, demonstrates vulnerabilities in AI-driven systems that can be exploited to steal digital identities and transfer control to unauthorized users. This incident has raised concerns about the security of high-profile social media profiles and the reliance on automated tools for account verification.

AI Vulnerabilities Enable Account Takeovers

Attackers leveraged Meta AI’s integration into Instagram to execute a "confused deputy" attack, where the system was tricked into performing actions on behalf of others. By crafting specific prompts, hackers were able to bypass standard authentication processes. This method, which doesn’t directly target Meta’s infrastructure, instead exploits user trust in the AI’s ability to assist with account management tasks. The former U.S. President’s White House account was among the high-profile targets, highlighting the scale of the threat.

According to cybersecurity reports, approximately 100 verified accounts were compromised, with some sold on the dark web. The affected profiles often had short usernames, making them prime targets for resale. The breach was uncovered through an analysis by Chidori Monitor, which tracked the infiltration of accounts like @hey and @e. Dubai-based user Hamza, whose account was taken over, described the process in detail, emphasizing the AI’s role in enabling the attack.

“Meta is over-relying on AI systems,” Hamza stated. “I spent hours navigating automated support tools that couldn’t identify the real issue.”

Hamza explained that his account was disabled overnight after a hacker changed his email address. The AI, in response, sent a password reset code to the attacker’s email instead of the user’s. This allowed the intruder to bypass two-factor authentication, a critical security layer. The incident underscores how even well-designed systems can be manipulated through cleverly phrased prompts, creating pathways for unauthorized access.

Exploit Method Revealed in Viral Demonstration

A popular video on Telegram, shared by the account Concetic Larp, detailed the attack’s methodology. Attackers used a virtual private network (VPN) to mimic the victim’s location, bypassing regional security checks. This technique enabled them to simulate a legitimate login and trigger the "forgot password" function. The AI-powered recovery system then verified the new email address, granting control to the hacker.

The breach also affected the Chief Master Sergeant of the U.S. Space Force, John Bentivegna, whose account was flooded with anti-American and pro-Iranian messages. Bentivegna noted that the attack disrupted his ability to manage his profile, prompting a call for better oversight of AI tools. Cybersecurity experts warn that such attacks often rely on social engineering, making them harder to detect than traditional hacking methods.

“We’re working with teams to regain control of the account,” Bentivegna said, underscoring the need for improved AI security measures.

Meta’s spokesperson, Any Stone, confirmed that the issue was resolved and the affected accounts are now secured. However, the company has acknowledged that the breach highlights the risks of trusting AI with critical security functions. While AI enhances user experience, it also introduces new attack vectors. The incident has prompted discussions about balancing convenience with robust authentication protocols, especially for accounts linked to political or institutional entities.

Broader Implications for Digital Security

Experts suggest this breach is part of a growing trend of AI-assisted cyberattacks. Machine learning models are being used to automate phishing and account takeovers, making them more efficient and scalable. The infiltration of Barack Obama’s account, in particular, has sparked debates about the security of social media platforms. Such attacks could be used to spread misinformation or influence public perception, especially when targeting influential figures.

As AI continues to play a central role in digital interactions, ensuring its security becomes paramount. Meta’s tools, designed to streamline user tasks, now serve as potential entry points for malicious actors. The company’s response to the incident includes updates to its AI systems, but the broader issue of trust-based exploitation remains unresolved. Cybersecurity professionals urge platforms to implement additional safeguards to protect against similar vulnerabilities in the future.