Hackers Tricked Instagram’s AI Chatbot to Hijack Accounts

Hackers deceived Instagram’s AI chatbot, prompting it to provide access to user accounts. The hackers were reportedly able to change the accounts’ passwords by falsifying their location and then requesting that the AI alter the email addresses associated with the accounts.
In a statement on X, Meta spokesperson Andy Stone asserted that the issue was resolved and the impacted accounts were being secured. Reports arose that the vulnerability may have been linked to a series of account takeovers of high-profile individuals, and when it was claimed that world leaders were involved, Stone decried the suggestion as “totally false.”
Among the potentially impacted high-profile individuals is former United States President Barack Obama. The account was used during his tenure in the White House. After the alleged hack, the account posted pro-Iran content before being recovered.
“This is a great illustration of why AI agent authorization is the harder, and more critical, problem than authentication,” says Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth. “Meta’s bot verified nothing about who was asking; it just helpfully did what it was told to do, up to and including sending the attacker email a confirmation code to make sure the new email address was valid. The industry is pretty focused on keeping AI from saying bad things. That’s fine, as long as we don’t completely overlook whether AI should be allowed to do what it’s trying to do.”








