An Instagram hack that saw attackers talk Meta’s (META.O), AI support chatbot into handing over access to high-profile accounts has exposed a critical flaw at the heart of the company’s push to automate sensitive user functions.
The breach allowed hackers to seize accounts including the dormant Obama White House page, beauty retailer Sephora and a senior US Space Force official.
The chatbot was persuaded to reset account credentials without independently verifying identity, effectively turning a high-trust security tool into a big weakness, cybersecurity experts told Reuters.
The episode underscored a broader vulnerability as tech companies hand AI systems sweeping authority over tasks such as account recovery, even as those systems remain susceptible to manipulation through what experts said is a class of attack known as “prompt injection”.
For Meta, the stumble comes at a sensitive time. The social media giant has doubled down on AI, shedding thousands of jobs while pledging up to $145 billion on AI infrastructure. This incident could sharpen concerns that the company was accelerating automation of critical functions before the technology was ready to handle them safely.
Meta said on Monday the issue was resolved and it was securing impacted accounts, but the incident jolted investors already worried about the company’s hefty AI spending, sending its shares down more than 5%.
