Meta confirms thousands of Instagram accounts hacked via AI chatbot
Original: Meta confirms 1000s of Instagram accounts were hacked by abusing its AI chatbot
Why This Matters
Demonstrates critical security risks in AI-powered authentication systems
Meta confirmed that over 20,000 Instagram accounts were compromised after hackers exploited its AI chatbot to reset passwords. The vulnerability lasted from April 17 until this week, when it was patched.
Meta disclosed that at least 20,225 Instagram users had their accounts hijacked after hackers exploited a vulnerability in the company's AI-assisted account recovery system. The attack began around April 17 and continued until this week. Hackers tricked Meta's AI chatbot into sending password reset verification codes to attacker-controlled email addresses instead of legitimate account holders. The flaw only affected accounts without two-factor authentication enabled. According to Meta's breach notification, 'The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user's Instagram account.' Compromised accounts gave hackers access to contact information, dates of birth, profile data, posts, direct messages, and account activity.
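The missing check quoted from the notification, shown as an added example that is not Meta's code: a reset handler that trusts the requester-supplied address, beside a hardened one that treats that address only as a claim to verify and delivers the code to the address on file. The function names, the `ACCOUNTS` table and the audit events are hypothetical, and the sample data is constructed.

```python
import hmac
import secrets

# Constructed sample data: username -> email address on file (hypothetical).
ACCOUNTS = {"alice": "alice@example.com"}


def normalize(email: str) -> str:
    """Canonical form for comparison: trimmed and case-folded."""
    return email.strip().casefold()


def request_reset_unchecked(username: str, supplied_email: str, outbox: list) -> bool:
    """Flawed pattern described in the notification: the code is sent to
    whatever address the requester supplies, with no comparison against
    the address associated with the account."""
    if username not in ACCOUNTS:
        return False
    outbox.append((supplied_email, secrets.token_hex(3)))
    return True


def request_reset_checked(username: str, supplied_email: str,
                          outbox: list, audit: list) -> bool:
    """Hardened pattern: the supplied address must match the one on file,
    and the code is delivered to the stored address, never to caller input."""
    on_file = ACCOUNTS.get(username)
    if on_file is None:
        audit.append(("unknown_account", username))
        return False
    # Constant-time comparison of the normalized addresses.
    if not hmac.compare_digest(normalize(supplied_email).encode(),
                               normalize(on_file).encode()):
        # Mismatches are recorded so repeated attempts can be detected.
        audit.append(("email_mismatch", username))
        return False
    outbox.append((on_file, secrets.token_hex(3)))
    return True
```

A check like this belongs in the reset service itself rather than in the chatbot layer, so every code path that can trigger a reset passes through it.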