Who needs prompt injections when you can just say the magic word? · ↗ www.0xsid.com
Hackers gain access to high-profile Instagram accounts simply by asking Meta’s AI
Meta has been trialing AI support agents for some users, and it appears these bots were exploited to gain control of various high-profile Instagram accounts. The exploit, which included bypassing 2FA, was accomplished by simply asking the bot nicely to reroute verification codes to an email account under the attacker’s control.
People have been talking for years about prompt injection attacks (i.e., getting AIs to do what you want through the introduction of sneaky text in prompts), but it appears this attack wasn’t even that sophisticated. They just had to ask (and fake location so as not to set off any geofencing alarms).
While the exploit seems to have been patched, it’s pretty appalling that bots that are so easily exploited made it into production for something as vital as account security. Oh well, I guess we’re all too busy building the glorious future.
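The missing control here is a deterministic check that sits between the support bot and the account system, so the model's willingness to help is never what decides where a verification code goes. The following is an added example, not code from Meta or from the original post; every tool name, field and sample value in it is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# All tool names, fields and sample values are hypothetical and constructed
# for this example; they do not describe Meta's actual system.

@dataclass(frozen=True)
class Account:
    username: str
    verified_contacts: frozenset  # addresses confirmed before this support session

@dataclass(frozen=True)
class ToolCall:
    name: str
    args: dict

READ_ONLY_TOOLS = {"lookup_help_article"}

def authorize(call: ToolCall, account: Account, step_up_passed: bool):
    """Deterministic gate run outside the model on every tool call it proposes.

    Returns (allowed, reason). Nothing in the chat transcript is an input, so
    no wording of the request can change the outcome.
    """
    if call.name in READ_ONLY_TOOLS:
        return True, "read-only"
    if call.name == "send_verification_code":
        dest = str(call.args.get("destination", "")).strip().lower()
        # Codes go only to contacts already on file, never to one named in chat.
        if dest in account.verified_contacts:
            return True, "destination on file"
        return False, "destination not on file"
    if call.name == "change_recovery_email":
        # Changing where codes go needs proof of control of an existing factor.
        if step_up_passed:
            return True, "step-up verified"
        return False, "step-up required"
    return False, "unknown tool denied by default"

def demo():
    acct = Account("example_user", frozenset({"owner@example.com"}))
    proposed = [  # constructed tool calls an agent might emit after a polite request
        ToolCall("send_verification_code", {"destination": "someone-else@example.net"}),
        ToolCall("change_recovery_email", {"new_email": "someone-else@example.net"}),
        ToolCall("send_verification_code", {"destination": "Owner@Example.com"}),
    ]
    return [authorize(c, acct, step_up_passed=False) for c in proposed]

if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY", reason)
```

Denied calls are worth logging and alerting on, since a support session that repeatedly proposes an off-file destination is itself a takeover signal.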
Hat tip to ssiddharth on Hacker News.
