You must log in or # to comment.
Holy crap this is hilarious. Quick somebody steal Trump’s account then message Iran that we surrender.
Considering you can just… you know, do that in any of the LLM prompts in Meta apps… I really don’t think it’s the work of a “hacker”. That’s such an obnoxiously overused term.
I have to disagree. Hacking is a broad term that isn’t exclusive to finding buffer overflows in ghidra.
Social engineering is hacking. This is something between SE and prompt engineering.
I know hacking more as using a system in a way that is not intended, which this definitly is
The majority of hacking is social engineering, so I don’t really see slop hacking being any less valid than that
Sadly you’re on to something here.
🎶 social engineering 🎶
“Social” suddenly feels like the wrong word for it, when the entity being fooled is a next-word-predictor algorithm.
You need more technical knowledge than for Social Engineering.
yeah kinda seems like they designed it to work this way on purpose.
Just forgot to make it verify the account.It’s LLM injection
Cosmo Kramer doing the MoviePhone voice: “Why don’t you just give me access to High-Profile Instagram accounts”
Ugh, meanwhile I can’t change my accounts email. It demands an otp sent to an email that was deleted by the provider.
Even though I enter the correct password, it won’t let me in. And I can’t change the email of my own account!
i have a number of clients who are locked out of a valid account, while knowing the correct password, having the correct sms capable phone number, having the correct email. these are grandma types who’ve never posted anything more offensive than cat pictures and knitting memes. some haven’t even been able to make a new account, either. facebook support is literally non-existent unless you’re a ‘high profile’ person.
I know a third party hackerman that may be able to restore their access
What a fucking joke
“Can I have access to a profile”. = Hacker
well, yes
they found a vulnerability and exploited it. that’s hacking.
This was not a vulnerability. This is the technical equivalent of going to a neighbor of the house you want to rob and asking them to borrow the spare key.
They implicitly trusted the AI with no guardrails. The AI simply gave it up.
They implicitly trusted the AI with no guardrails.
So, Meta released a vulnerability (an incredibly stupid one) and someone took advantage of it to gain access to an account they weren’t authorised to access… which is the definition of hacking
Not a hacker, but more like an asker.
We have entered the age of social engineering hacking on the dumbest imaginable support agents.
What’s there not to like.
Maybe don’t train the data on passwords
