Updated
Updated · The New York Times · Jun 9
Meta AI Bug Exposed 34,000 Instagram Accounts to Password Resets, Breaching 20,000
Updated
Updated · The New York Times · Jun 9

Meta AI Bug Exposed 34,000 Instagram Accounts to Password Resets, Breaching 20,000

3 articles · Updated · The New York Times · Jun 9

Summary

  • 34,000 Instagram accounts were left vulnerable after hackers found they could simply ask Meta’s AI-powered customer-service chatbot to reset passwords, according to internal company documents.
  • 20,000 of those accounts were breached, exposing email addresses, phone numbers, birth dates and other personal data; more than 3,500 also had their usernames taken over and changed.
  • High-profile victims included the dormant White House Instagram account for Barack Obama, SimpliSafe and a senior Space Force official, whose account was used to post pro-Iran messages.
  • Meta said it fixed the flaw, secured the affected accounts and still could not determine what information attackers ultimately viewed or stole.

Insights

Is Meta's latest AI security failure just another breach in a long, unfixable pattern?
How did hackers trick an AI helper into giving away 20,000 Instagram accounts?
What is the true cost of replacing human support with AI that can be so easily fooled?