Cybercriminals successfully tricked Meta's AI customer support agent into forwarding password reset codes, highlighting the risks of delegating sensitive tasks to AI systems, based on information published by Tech Radar.
Cybercriminals engaged with Meta's AI chatbot, convincing it to initiate a password reset sequence for a user's account without proper identity verification. The targeted accounts were premium, short-handle Instagram accounts, valued at over $1 million combined, which were then listed for sale on Telegram.
Researchers ZachXBT and Dark Web Informer identified specific accounts, @hey and @jowo, being offered for sale. Meta has since fixed the vulnerability, stating that no systems were breached and user accounts remain secure.
This incident underscores the potential dangers of AI in handling sensitive operations and emphasizes the need for robust security protocols, even when interacting with automated systems. While multi-factor authentication is recommended, the attack targeted the platform's internal processes rather than individual users' defenses.
Source: Tech Radar
Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
