Break-ins: Dashlane reports vault theft +++ Meta AI willingly helped with account hijacking on Instagram


Password managers, whether built into the system, a browser or a third-party app, are used as a matter of course by many users. But what happens if attackers gain access to one? This is exactly the problem Dashlane is facing right now: a support document describes a “brute force” attack on individual accounts. Attackers were able to download a copy of the encrypted vault from “fewer than 20 users”; Dashlane says it notified these users directly. The aim of the attack was not to guess the master password, but apparently to overcome 2FA protection in order to register new devices for existing accounts. Because of the many attempts, Dashlane’s protection mechanisms took effect and automatically blocked affected accounts. There is no evidence of compromise of internal systems. The provider emphasizes that vault data is not accessible without the master password and that the master password does not reach Dashlane servers in plain text. Dashlane therefore does not generally consider it necessary to change the password, unless phishing is suspected or the password is very weak.
Meta AI helps hijack Instagram accounts
AI can be extremely helpful, other attackers thought. The target in this case was Meta’s AI support assistant, which was overly eager and had been given far too far-reaching powers. According to reports, attackers were able to get the bot to add a new email address to someone else’s Instagram account. A password reset could then be triggered via this address, without the attackers needing access to the victim’s previous email address.
The process was surprisingly simple: attackers used a VPN location near the presumed location of the account owner, started the account recovery process and asked the Meta AI support assistant to associate a new email address with the target account. The bot then sent the verification code to the address provided by the attacker. Once the code had been passed back, a button to reset the password appeared and nothing stood in the way of taking over the account.
Several prominent or valuable accounts appeared to be affected, including the archived Instagram account of the Obama White House, the account of the Chief Master Sergeant of the US Space Force, Sephora, and accounts of security researcher Jane Manchun Wong and other celebrities. Meta has since confirmed that it has fixed the problem. How many accounts were taken over remains unknown.
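The flaw described above comes down to what the verification code proves: a code mailed to a requester-supplied address shows control of that address only, not of the account. The following sketch is an added example, not Meta's code; the class, function names and addresses are hypothetical and the scenario is constructed. It models the reported flow beside a hardened one that first demands a code sent to an already verified contact.

```python
import hmac
import secrets

class RecoveryDenied(Exception):
    """Raised when a contact change is refused."""

class RecoveryService:
    """Toy model (hypothetical) of a recovery backend behind a support assistant."""

    def __init__(self, verified_email, require_owner_proof):
        self.verified = {verified_email}   # addresses already proven to be the owner's
        self.require_owner_proof = require_owner_proof
        self.owner_code = None             # challenge sent to a verified address
        self.pending = {}                  # new address -> code awaiting confirmation
        self.mail = []                     # (recipient, code) pairs "sent" by the service

    def _send(self, recipient):
        code = secrets.token_hex(4)
        self.mail.append((recipient, code))
        return code

    def challenge_owner(self):
        # Goes only to an address that is already verified on the account.
        self.owner_code = self._send(sorted(self.verified)[0])

    def request_new_email(self, new_email, owner_proof=None):
        if self.require_owner_proof:
            ok = (self.owner_code is not None and owner_proof is not None
                  and hmac.compare_digest(self.owner_code, owner_proof))
            self.owner_code = None         # one attempt per challenge
            if not ok:
                raise RecoveryDenied("no proof of control over a verified contact")
        self.pending[new_email] = self._send(new_email)

    def confirm_new_email(self, new_email, code):
        expected = self.pending.pop(new_email, None)
        if expected is None or not hmac.compare_digest(expected, code):
            raise RecoveryDenied("wrong or missing confirmation code")
        self.verified.add(new_email)       # address can now receive password resets

def requester_without_owner_mailbox_succeeds(require_owner_proof):
    """Constructed scenario: the requester can read only other@example.net."""
    svc = RecoveryService("owner@example.com", require_owner_proof)
    readable = lambda: {r: c for r, c in svc.mail if r == "other@example.net"}
    try:
        svc.challenge_owner()
        svc.request_new_email("other@example.net", readable().get("owner@example.com"))
        svc.confirm_new_email("other@example.net", readable()["other@example.net"])
    except RecoveryDenied:
        return False
    return "other@example.net" in svc.verified
```

With `require_owner_proof=False` the scenario function returns `True`, matching the reported takeover path; with `True` the request is refused before any code reaches the new address.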
















