Meta A.I. Support Bot Meets Robert Hackerman, the County Password Inspector ⇥ krebsonsecurity.com
A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved using a VPN connection with an IP address that is in or near the target’s usual hometown, requesting a password reset for the account, and then choosing to chat with Meta’s AI support assistant. From there, the video shows the attacker told the bot to link the account in question to a new email address, after which the bot dutifully sent that address a one-time code that allowed a password reset.
Meta, a trillion-dollar corporation, should probably hire a few more people who have read the SMBC comic.
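
The flow described in the quoted report (reset request, support-assistant chat, new email linked, one-time code sent to that new address) can be caught as a sequence in account-event logs. The sketch below is an added example, not code from Meta, Krebs, or this post; the event schema, field names, channel labels and the 15-minute window are all assumptions, and the sample events are constructed. It ignores source IP on purpose, since the reported technique used a VPN address in or near the target's usual hometown.

```python
from collections import defaultdict

WINDOW_SECONDS = 900  # assumed correlation window; tune to your reset-code lifetime

# Constructed sample events (hypothetical schema, not real logs).
SAMPLE_EVENTS = [
    {"ts": 1000, "account": "acct-A", "type": "password_reset_requested"},
    {"ts": 1060, "account": "acct-A", "type": "contact_email_added",
     "channel": "support_assistant", "authenticated": False, "email": "new@example.net"},
    {"ts": 1075, "account": "acct-A", "type": "otp_sent", "email": "New@example.net"},
    # Benign: a logged-in owner adds an address in settings, then resets later.
    {"ts": 2000, "account": "acct-B", "type": "contact_email_added",
     "channel": "settings_ui", "authenticated": True, "email": "owner@example.org"},
    {"ts": 2100, "account": "acct-B", "type": "password_reset_requested"},
    {"ts": 2110, "account": "acct-B", "type": "otp_sent", "email": "owner@example.org"},
]

def find_recovery_rebinds(events, window=WINDOW_SECONDS):
    """Return (account, email, ts) for each reset code sent to an address that an
    unauthenticated support-assistant session attached after a reset request."""
    reset_at = {}                # account -> time of the latest reset request
    rebound = defaultdict(dict)  # account -> {new email: time it was attached}
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct, kind, ts = ev["account"], ev["type"], ev["ts"]
        if kind == "password_reset_requested":
            reset_at[acct] = ts
        elif kind == "contact_email_added":
            started = reset_at.get(acct)
            in_recovery = started is not None and ts - started <= window
            # An address added by an authenticated session is an ordinary
            # settings change; only the unauthenticated support path is tracked.
            if (in_recovery and ev["channel"] == "support_assistant"
                    and not ev["authenticated"]):
                rebound[acct][ev["email"].lower()] = ts
        elif kind == "otp_sent":
            added = rebound[acct].get(ev["email"].lower())
            if added is not None and ts - added <= window:
                findings.append((acct, ev["email"].lower(), ts))
    return findings

if __name__ == "__main__":
    for account, email, ts in find_recovery_rebinds(SAMPLE_EVENTS):
        print(f"ALERT {account}: reset code sent to newly attached {email} at {ts}")
```

The same condition works as a preventive control: a session that has not proven ownership of the account should not be able to change where recovery codes are delivered.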