A bug in Meta’s AI-powered customer service chatbot allowed hackers to reset Instagram passwords simply by asking the bot to do it. The flaw exposed thousands of accounts to takeover attacks, raising fresh concerns about AI in security.
The exploit was straightforward. Hackers asked the AI support bot to reset passwords or change linked emails, bypassing normal checks. Victims reported that once their accounts were compromised, they had no way to escalate the issue to a human agent.
Meta said around 34,000 accounts were affected, with 20,000 successfully breached. Stolen data included emails, phone numbers, birth dates, and other personal information.
High-profile accounts were targeted, such as Barack Obama’s former White House Instagram and a senior Space Force official’s account.
Also Read: Instagram adds Scroll Break feature
Meta rolled out AI support in March across Facebook and Instagram, promising faster help with account recovery and password resets. But the incident shows how this can create new risks if there are no strong safeguards.
Meta says the flaw has been fixed and affected accounts secured.
Source: 1
