黑客利用 Meta 的 AI 支持机器人窃取 Instagram 账号
Hackers Used Meta's AI Support Bot to Seize Instagram Accounts

原始链接: https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/

亲伊朗黑客近期劫持了包括奥巴马白宫和美国太空军在内的多个高知名度Instagram账号,其手段是利用Meta新推出的AI客户支持机器人。Telegram上流传的说明详细阐述了攻击者如何诱导AI将目标账号绑定至新的电子邮箱地址,从而绕过安全机制并触发密码重置。 安全专家指出,这起事件凸显了一个新的危险攻击面:旨在简化账号恢复流程的AI聊天机器人,同样容易受到针对人工客服的社会工程学攻击。虽然Meta随后部署了紧急补丁以解决该问题,但此次事件强调了自动化处理敏感行政任务所带来的风险。 值得注意的是,该漏洞对启用了多因素身份验证(MFA)的账号无效。网络安全研究人员强调,使用强有力的MFA(例如安全密钥或通行密钥)仍是对抗此类自动化攻击最有效的防御手段。Meta已确认问题得到解决,且没有后端数据库遭到破坏。

Hacker News 近期的一项讨论揭露了一个重大的安全漏洞:黑客正通过操纵 Meta 的人工智能支持机器人来窃取 Instagram 账号。攻击者并未采用技术手段,而是通过社会工程学手段诱骗机器人发送账号登录链接。 评论者普遍批评 Meta 疏忽大意,认为在缺乏足够安全保障的情况下,将实验性的、未经严谨设计的 AI 系统用于处理敏感的账号恢复任务,是一项重大的架构失误。虽然关于这究竟是“黑客行为”还是仅仅利用了设计缺陷的自动化流程仍有争论,但普遍共识是,这一做法反映了该公司对安全性的忽视。 用户还指出,这些身份验证流程持续失效,再加上令人沮丧且故障频发的验证码系统,导致许多合法用户无法找回被盗账号。此次事件加剧了外界对 Meta 内部开发文化的批评,许多人认为这一失误是该公司将快速整合 AI 优先于核心安全协议所导致的必然结果。
相关文章

原文

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords.

A screenshot from a video released on Telegram claiming to show how Meta’s AI customer support bot could be tricked into resetting a target’s password.

On May 31, word began to spread on several Telegram instant message channels that Meta’s AI bot would happily add an email address to an existing account as part of the bot’s standard password reset flow.

A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved using a VPN connection with an IP address that is in or near the target’s usual hometown, requesting a password reset for the account, and then choosing to chat with Meta’s AI support assistant. From there, the video shows the attacker told the bot to link the account in question to a new email address, after which the bot dutifully sent that address a one-time code that allowed a password reset.

The Telegram account that posted the video also linked to screenshots of pro-Iran images, videos and messages that defaced the hacked Instagram accounts, saying hackers had used the exploit to hijack a number of valuable (read: short) Instagram account names that allegedly have a resale value of more than a half million dollars.

Meta has not responded to requests for comment on the video’s claims, but Meta’s Andy Stone said on Twitter/X that the issue had been resolved and that they were securing impacted accounts. The security blog thecybersecguru.com reports that Meta pushed an emergency patch over the weekend, and clarified that no back end database was breached.

“Instagram has notoriously poor human support infrastructure,” Cybersecguru wrote. “Recovering a locked account – especially a high-value one can take weeks of back-and-forth with an automated ticketing system. Meta’s solution was to deploy a conversational AI layer to handle common recovery workflows: relinking a lost email address, triggering a password reset, verifying account ownership. The assistant, presumably, was supposed to reduce friction for legitimate users stuck in account-access hell.”

Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, said we’re entering unchartered security territory as more large online platforms start allowing AI chatbots to handle sensitive account recovery requests. Just like human customer support employees can be social engineered into providing unauthorized access to someone’s account, AI bots are equally eager to help and vulnerable to persuasion and trickery, he said.

“AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks,” Goldin said.

Securing your various online accounts means taking full advantage of the most secure form of multi-factor authentication (MFA) offered (such as a passkey or security key). In this case, even using the least robust form of MFA that Instagram offers — a one-time code sent via SMS — likely would have blocked the exploit: The hackers who released the video on Telegram said their exploit failed to work against any accounts that had MFA enabled.

联系我们 contact @ memedata.com