admin
Hackers recently pulled off a brazen abuse of Meta’s own AI support system, simply asking the chatbot to hand over access to high-profile Instagram accounts — and the bot complied. What began as a report from investigative outlets quickly showed that this wasn’t a clever zero-day exploit but a humiliating failure of judgment: Meta gave its AI the keys to reset accounts and the hackers walked away with premium handles.
The technique was embarrassingly simple: attackers used VPNs to simulate the victim’s location, opened a chat with Meta’s AI support assistant, and instructed it to add an attacker-controlled email before requesting a password reset. Screenshots and logs reviewed by independent researchers show the bot issuing verification codes and enabling account takeovers, affecting official and celebrity pages alike.
Meta scrambled to patch the flaw after the abuse became public, claiming it “fixed an issue” and insisting that there was no system breach while quietly rolling back the most dangerous automation. That response does not erase the fact that the company entrusted sweeping account-management powers to an unproven AI, and only moved after bad actors began cashing in.
This calamity is the predictable result of Big Tech prioritizing automation and cost-cutting over real security and human oversight. When corporations replace trained personnel with glorified chatbots, hardworking users lose control of their digital lives and the public loses faith in platforms that are supposed to protect us.
Worse still, the stolen accounts were openly marketed on criminal channels for huge sums, proving that these vulnerabilities don’t just inconvenience users — they create a thriving black market for identity and influence. If Meta thought a single patch would quiet the outrage, it underestimated how much damage is done when trust is burned, and how quickly adversaries exploit every opening.
Americans should demand accountability: congressional oversight hearings, meaningful fines, criminal referrals where appropriate, and a requirement that critical account recovery decisions be handled by humans with audited procedures. In the meantime, every user should enable strong multi-factor protection and use private recovery emails, while patriots remind regulators that national security, free speech, and common-sense privacy require us to rein in reckless tech experiments before they cost us everything.
