Meta patches flaw that allowed MetaAI support bot to hand out password reset links without 2FA

  • Cybercriminals tricked Meta’s AI customer support agent into forwarding password reset codes
  • Stolen short‑handle accounts, valued at over $1M combined, were listed for sale across Telegram
  • Attack highlights risk of delegating sensitive tasks to AI systems

Cybercriminals successfully pulled off a social engineering attack against Meta’s customer support, tricking the representative into initiating a password reset sequence without asking for any identity verification.

The news here is that the representative was actually an AI agent, not a human being at all. The researchers who disclosed the attack stressed just how dangerous it is to hand over sensitive assignments to AI. Meta fixed it soon after.

According to reputable researchers ZachXBT and Dark Web Informer, cybercriminals engaged in conversation with Meta’s AI chatbot and had it forward password reset codes for someone else’s accounts. The target accounts are premium, short-handle ones that usually have millions of followers and as such can...

Copyright of this story solely belongs to techradar.com.