Instagram began sending notification emails to account owners today if it detects activity outside of normal daily routines. The emails were sent even though Instagram said a few days ago that a flaw in the Meta AI chatbot allowed accounts to be easily stolen.
Meta's vice president of communications, Andy Stone, said that they had managed to regain control of the stolen accounts and the process of returning them to the original owners was underway. He also said that victims of stolen accounts will receive a password reset email and will be asked security questions when trying to log back into the account.
Last weekend, a flaw in the Meta AI chatbot allowed account ownership to be transferred without permission as simple as asking the chatbot to do it. The Meta AI chatbot simply asked for a selfie to be taken to verify identity. Then the hackers used generative AI to generate a selfie with the account owner's face. Meta AI failed to detect the fraud, which led to the accounts of Barack Obama's White House, Sephora and the head of the Space Force being successfully seized.
The hacking group claims that they can still exploit this Instagram flaw even after Meta claimed that the flaw had been patched.
