WASHINGTON: Meta, the parent company of Facebook, Instagram, and WhatsApp, has confirmed it has fixed a major security vulnerability in its artificial intelligence support system that allowed attackers to take over high-value Instagram accounts.
Meta communications official Andy Stone said on X (formerly Twitter) that the issue has been resolved and affected accounts are being secured.
“This issue has been resolved and we are securing impacted accounts,” he said on Tuesday.
Security Flaw Allowed Account Takeovers
The vulnerability involved Meta’s AI-based support assistant, which is used for account recovery and technical support.
According to reports, attackers were able to bypass normal security checks and gain control of accounts without needing access to phone numbers or email addresses.
The flaw was first circulated on Telegram channels before being publicly reported on X.
How the Attack Worked
The exploit reportedly required attackers to use a virtual private network (VPN) to match the victim’s geographic location. This helped bypass automated security filters.
After that, hackers initiated a password reset process, which opened a chat window with Meta’s AI support assistant.
They then manipulated the chatbot into changing the registered email address to one controlled by the attacker. As a result, the system sent a verification code to the hacker.
Once the code was entered, the system generated a password reset link. This allowed attackers to set a new password and lock out the original account owner.
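The steps above come down to a chatbot being able to change where recovery codes are sent before the requester has proven control of the account. The following is an added defensive sketch, not Meta's code: a server-side gate that decides on an assistant's tool call from session state alone, never from what was said in the chat. `Session`, `ToolCall`, `authorize` and the action names are hypothetical, and the sample addresses are constructed.

```python
from dataclasses import dataclass, field

# Hypothetical action names: anything that changes where recovery codes go.
CONTACT_CHANGING = {"change_email", "change_phone"}


@dataclass
class Session:
    account_id: str
    authenticated: bool = False  # logged in with the current credentials
    # Contacts the requester proved control of in this session (code round trip).
    verified_contacts: set = field(default_factory=set)


@dataclass
class ToolCall:
    action: str      # what the assistant asked the backend to do
    account_id: str  # which account it targets
    args: dict


def authorize(session, call, contacts_on_file):
    """Return (allowed, reason) for a tool call emitted by the assistant."""
    if call.account_id != session.account_id:
        return False, "account mismatch"
    if call.action not in CONTACT_CHANGING:
        return True, "non-sensitive action"
    # Only contacts that were already on file count as proof of control;
    # an address supplied during the chat proves nothing about ownership.
    proven = session.verified_contacts & set(contacts_on_file)
    if not session.authenticated and not proven:
        return False, "no proof of control of an existing contact"
    return True, "requester verified"


def demo():
    """Constructed scenario: an unauthenticated reset chat asks for a new email."""
    on_file = {"owner@example.test"}
    call = ToolCall("change_email", "acct-1", {"new_email": "new@example.test"})
    before = authorize(Session("acct-1"), call, on_file)
    verified = Session("acct-1", verified_contacts={"owner@example.test"})
    after = authorize(verified, call, on_file)
    return before, after


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY", "-", reason)
```

Because the decision ignores the conversation entirely, no wording of the request changes the outcome. A matching VPN location does not change it either, since geography is not one of the inputs.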
High-Profile Accounts Affected
The cyberattack reportedly affected several high-profile accounts over the weekend.
These included inactive official White House Instagram accounts linked to former US President Barack Obama, global beauty brand Sephora, and US Space Force Chief Master Sergeant John Bentivegna.
In one case, the compromised White House account was briefly defaced with pro-Iranian content before Meta intervened.
Investigation and Response
The breach was first detected after unusual posts appeared on the affected accounts.
Meta has since taken steps to secure compromised profiles and strengthen its AI-driven support systems.
The company continues to review its security protocols to prevent similar attacks in the future.
Growing Concerns Over AI Security
The incident highlights increasing risks associated with AI-powered customer support systems.
As companies expand automation in account recovery processes, cybersecurity experts warn that such tools can become targets for sophisticated social engineering attacks.
Meta has not yet confirmed how many accounts were impacted in total, but it says mitigation efforts are ongoing.














