Instagram security alert: Hackers exploit Meta AI chatbot to steal passwords, hijack accounts

Cybersecurity experts have issued warnings to Instagram users related to a new kind of AI-powered cyber threat, invading the privacy of users.

According to the researchers, AI models and large language models (LLMs) such as Meta AI chatbot can easily be exploited by hackers to hijack multiple accounts and steal passwords. The technique the hackers are using for these nefarious activities is “prompt injection.”

Based on this technique, the rogue actors have easily tricked Meta AI chatbot into exposing the passwords by easily bypassing guardrails.

In the past few days, such disturbing incidents have come to surface where a number of high-profile Instagram accounts have been compromised, including the account belonging to the Chief Master Sergeant of the US Space Force, beauty brand Sephora’s account and former White House account.

A video showing the technique to hijack the account is widely circulating on social media. The process is based on a strategy named “social engineering”. 

The hacker gives command Meta AI to reset the password of the targeted account and instructs it to send verification code to the new email address by convincing the chatbot to adopt a persona generated by other tools. After verifying the identity, they can easily change the verification email as well.

On Monday, Meta issued a statement, “This issue has been resolved, and we are securing impacted accounts.” It is unclear how many accounts were affected.

The recent security issue to Instagram privacy has stirred serious concerns among social media users.

One wrote on X, “Just wait until those same social media companies have your passport and identification.”

Another one commented, “AI can cause more harm than good if not properly managed and restricted.”