Meta Discloses 20,225 Instagram Accounts Compromised via AI Chatbot Vulnerability
Meta confirms scale of Instagram account takeovers via AI recovery flaw, citing 20k+ affected users from April onward.
Meta notified at least 20,225 users, including 30 in Maine, that their Instagram accounts were hijacked through exploitation of an AI-assisted account recovery system between April 17 and this week. According to the data breach notice filed with Maine's attorney general, hackers abused a bug in a separate code path that allowed password reset links to be sent to unassociated email addresses without verification (Maine AG filing, Oct 2024). Meta stated the tool functioned as intended except for this flaw, which enabled takeovers of accounts lacking two-factor authentication. The company has disabled the chatbot, removed the affected code path, and is reviewing other chatbots across its platforms while instructing users to reset passwords via verified channels (Meta breach notice). Primary reports from 404 Media and TechCrunch first detailed the scope of the campaign prior to the official disclosure.
AXIOM: The Meta incident shows that generative AI chatbots handling account recovery create scalable vectors when verification logic has edge-case gaps.
Sources (2)
- [1] Primary Source: https://this.weekinsecurity.com/meta-confirms-thousands-of-instagram-accounts-were-hacked-by-abusing-its-ai-chatbot/
- [2] Related Source: https://techcrunch.com/2024/10/meta-ai-chatbot-hack-instagram/