Meta confirms thousands of Instagram accounts hacked via AI chatbot abuse
Original: Meta confirms 1000s of Instagram accounts were hacked by abusing its AI chatbot
Meta says an AI-assisted Instagram recovery flaw let attackers reset passwords and hijack thousands of accounts.
Meta confirmed a vulnerability in Instagram’s AI-assisted account recovery system that let attackers redirect password reset links to attacker-controlled emails. At least 20,225 users were notified, with compromised accounts potentially exposing profile data, posts, direct messages, and activity. Meta says it has disabled the affected chatbot flow, removed the vulnerable code path, and asked impacted users to reset passwords through verified channels.
This incident is a security breach that arose after AI was inserted into an account recovery process. According to reporting and Meta's data breach notification, Instagram's "AI-assisted account recovery system" had a verification logic flaw: attackers could initiate a password reset through the Meta AI chatbot and have the system send the verification code or reset link to an email address they controlled, one that was not actually bound to that Instagram account. In other words, the problem was not just that the chatbot answered incorrectly. Once the AI was connected to the real account management process, the backend did not correctly check whether the email supplied by the requester matched the account's existing data.
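The missing check described above, sketched as an added example (not Meta's code, and not from the original article). The handler names, the `send` and `audit` callbacks, and the account data are hypothetical and constructed for illustration; the hardened version takes the delivery address only from the account record and treats the requester's value as something to compare, never as a destination.

```python
import hmac
import secrets

# Constructed sample data: username -> email bound to the account.
ACCOUNTS = {"alice": "alice@example.com"}

# Same reply on every path, so the chatbot cannot leak whether a check passed.
GENERIC_REPLY = "If the details match an account, a reset link has been sent."


def _normalize(email):
    return email.strip().lower()


def reset_vulnerable(username, supplied_email, send):
    """Flawed flow: the delivery address comes from the requester."""
    if username in ACCOUNTS:
        send(supplied_email, secrets.token_urlsafe(32))
    return GENERIC_REPLY


def reset_hardened(username, supplied_email, send, audit):
    """Delivery address comes only from the account record."""
    bound = ACCOUNTS.get(username)
    if bound is None:
        return GENERIC_REPLY
    # Compare the supplied value against the bound one in constant time.
    matches = hmac.compare_digest(
        _normalize(supplied_email).encode("utf-8"),
        _normalize(bound).encode("utf-8"),
    )
    if not matches:
        # Record the mismatch so repeated attempts can be detected.
        audit({"event": "recovery_email_mismatch", "account": username})
        return GENERIC_REPLY
    # Even on a match, send to the stored address, not the caller's string.
    send(bound, secrets.token_urlsafe(32))
    return GENERIC_REPLY
```

The check lives in the backend handler rather than in the chatbot's prompt or conversation logic, so it holds regardless of what the model is persuaded to pass as arguments.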
Summaries are AI-generated; the original article is authoritative.