Meta AI vulnerability allegedly enables Instagram password resets
Instagram is facing scrutiny after a critical vulnerability in its Meta AI-powered support system allegedly allowed attackers to take over user accounts by abusing the password recovery process.
The tool, designed to help users regain access to locked accounts, could be tricked into sending password reset codes to unauthorized individuals without proper identity verification.
The vulnerability did not involve a direct breach of Meta’s infrastructure. Instead, it existed within the AI assistant’s logic. Attackers reportedly initiated conversations with the chatbot and crafted prompts that convinced it to forward password reset links or codes.
Read more at GB Hackers