Meta AI Bug Exposed 34,000 Instagram Accounts to Password Resets, Breaching 20,000
Updated
Updated · The New York Times · Jun 9
Meta AI Bug Exposed 34,000 Instagram Accounts to Password Resets, Breaching 20,000
3 articles · Updated · The New York Times · Jun 9
Summary
34,000 Instagram accounts were left vulnerable after hackers found they could simply ask Meta’s AI-powered customer-service chatbot to reset passwords, according to internal company documents.
20,000 of those accounts were breached, exposing email addresses, phone numbers, birth dates and other personal data; more than 3,500 also had their usernames taken over and changed.
High-profile victims included the dormant White House Instagram account for Barack Obama, SimpliSafe and a senior Space Force official, whose account was used to post pro-Iran messages.
Meta said it fixed the flaw, secured the affected accounts and still could not determine what information attackers ultimately viewed or stole.