META'S AI support chatbot has been exploited by hackers to gain access to high-profile Instagram accounts. The hackers manipulated the chatbot to change the email addresses associated with these accounts while using a VPN to mask their locations. This straightforward prompt injection method allowed them to take over and resell valuable accounts before Meta patched the exploit on May 29.
Several notable accounts, including those linked to the former Obama White House and the Space Force, were temporarily compromised. Researchers indicated that the exploit had been active since February and highlighted the security vulnerabilities associated with AI agents that possess elevated permissions. Hackers targeted accounts valued at over $1 million, emphasizing the need for robust security measures such as multi-factor authentication to mitigate such attacks.