![Gossip Lanka News [English]](https://blogger.googleusercontent.com/img/a/AVvXsEhYm2aFFq-bIW1nWX-RrqnPFoIsVos6_VCVz8BpLt0QJi55GNXHXC2fugeRvL0qUStEuCfs7Sfu6ZiSlhrkldxfGuE_wzy5gitY6rMZ2KSi8VBbGvkgXLks37RwZV-4-HKbWiNLRxB8C_r1e4z3mpxFTMPDJPEADoG8E-bZteWFipeD5KNGbjvCfqEfKw=s300 "Gossip Lanka News [English]")
By deceiving a customer support chatbot system powered by Artificial Intelligence (AI) technology introduced by Meta, hackers have successfully gained unauthorized access to several high-profile Instagram accounts. Several accounts, including the White House Instagram account of former US President Barack Obama, the account of the well-known beauty product company 'Sephora', and the account of Chief Master Sergeant John Bentivegna of the US Space Force, have become targets for these hackers.
After security researchers uncovered this serious security flaw, Meta confirmed in an official statement that they have taken steps to promptly resolve the issue and are working to secure the affected accounts. However, the company has not yet disclosed clear information regarding the total number of accounts affected by this incident.This past weekend, numerous ordinary users also complained vehemently on social media platforms like 'Reddit' and 'X' (Twitter), stating that their accounts had been similarly hijacked. Videos and screenshots published on Telegram by security researchers and hacker groups clearly illustrate how this theft was carried out. One video shows a hacker prompting Meta's AI assistant to link the Instagram account to a new email address. The chatbot system then states that a verification code has been sent to the new email address and asks the hacker to provide that code. As soon as the hacker enters the correct numbers, the chatbot system provides him with a button to reset the account's password.
It has been revealed that hackers used 'Virtual Private Network' (VPN) technology to bypass Meta's security measures and falsely represent the account owner's real location when carrying out this cyberattack. It is also reported that the usernames (handles) of these stolen Instagram accounts were listed for sale via the Telegram messaging app due to these unauthorized intrusions. This incident has sparked serious discussion and concern worldwide about how safe it is to rely on artificial intelligence assistants for highly sensitive security measures like passwords. This incident is particularly noteworthy as it occurs at a time when Meta is rapidly restructuring its employee roles to align with the field of artificial intelligence and working to increase the use of AI across its platforms.
This AI assistant service for Facebook and Instagram users was globally introduced by Meta earlier this year with the aim of directly assisting with numerous tasks such as reporting fraud, identifying fake accounts, moderating problematic content, and resetting passwords. Under the leadership of Meta founder Mark Zuckerberg, a massive investment of $145 billion has been made this year alone for AI infrastructure, including data centers. Their goal is to create 'super-intelligent' large language models (LLMs) with intellectual capabilities on par with humans, and Zuckerberg stated last year that this AI technology could even be used as a substitute for mental health therapists in the future. However, mental health specialists immediately expressed strong opposition, stating that such a step carries the risk of recommending incorrect advice and actions.
Aidan Synnott, a principal threat researcher at 'Sophos', a leading cybersecurity firm, points out that this incident faced by Meta is a cyberattack method known as 'prompt injection'. In this method, attackers manipulate AI chatbot systems with various tactical commands to induce them into performing inappropriate and malicious actions. Experts also warn that due to the increasing release of such AI chatbot services online without adequate security measures and safeguards, similar attacks are likely to become more prevalent in the future.