The Verge · 3 min read

Hackers likely hijacked over 20,000 Instagram accounts with Meta’s AI chatbot

Hackers likely compromised over 20,225 Instagram accounts by exploiting a vulnerability in Meta's AI support chatbot, the company confirmed in a notice filed with the state of Maine. This exploit allowed attackers to gain unauthorized access to accounts that did not have two-factor authentication enabled, simply by interacting with the chatbot. The breach, which Meta attributes to a "bug" in the system, highlights a significant security lapse in how the AI chatbot handled user requests and authentication processes. The attackers reportedly used the chatbot to reset account passwords or gain access by posing as legitimate users, circumventing standard security measures.

Meta's disclosure, first reported by Bleeping Computer, indicates that the incident occurred between March 2023 and April 2024. The company stated that the compromised accounts may have had their usernames, contact information, and potentially other profile data accessed. While Meta has not confirmed the exact method used by the hackers, the reliance on the AI chatbot suggests a sophisticated social engineering or technical exploit targeting the chatbot's functionalities. This incident raises serious concerns about the security implications of integrating AI technologies into customer support and authentication systems, particularly when sensitive user data is involved.

In response to the breach, Meta has stated that it is implementing additional security measures to prevent similar incidents in the future. This includes enhancing the security protocols of its AI chatbot and improving its ability to detect and block malicious activities. The company is also working to notify affected users and provide them with guidance on how to secure their accounts. The scale of the breach, affecting over 20,000 accounts, underscores the growing threat of sophisticated cyberattacks that leverage emerging technologies like AI. This event serves as a stark reminder for both technology companies and users about the critical importance of robust security practices, including the consistent use of multi-factor authentication, to protect digital identities and personal information from increasingly advanced threats.
