Kerbs on Security has the story: Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
I am not shocked.
No hacking required. Just find the account you are interested in, and ask the Meta support AI to help you reset your password.
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords.
It isn't really a hack. The bad guys asked the AI tools to send the password reset link to a "new email address." It bypassed 2-factor authentication. It accepted AI-generated videos for selfies. (Grab a photo, and ask your favorite AI to make a 30 second video, and your in.)
What?
Meta has not responded to requests for comment on the video’s claims, but Meta’s Andy Stone said on Twitter/X that the issue had been resolved and that they were securing impacted accounts. The security blog thecybersecguru.com reports that Meta pushed an emergency patch over the weekend, and clarified that no back end database was breached.
So are you really sure you want AI involved in everything? Everything related to security?
Here is Mutahar's SomeOrdinaryGamers video So Instagram Got Completely Hacked...
How did we even get to this point? What the F- is going on?
The video is 17 minutes.
No comments:
Post a Comment
Comment Moderation is in place. Your comment will be visible as soon as I can get to it. Unless it is SPAM, and then it will never see the light of day.
Be Nice. Personal Attacks WILL be deleted. And I reserve the right to delete stuff that annoys me.