
Meta AI chatbot flaw helped hack over 20,000 Instagram accounts
Meta had a problem in an AI chatbot used for Instagram account recovery. Hackers tricked it into sending password reset links for other people’s accounts to their own email addresses. Accounts without two-factor authentication were especially at risk. This shows why AI tools that handle account access need strict security checks.
Key points
- Meta told at least 20,225 people that their accounts were compromised.
- Hackers used the AI chatbot to get password reset links sent to an email they controlled.
- Instagram users should turn on two-factor authentication and change their password if warned by Meta.
- Makers adding an AI chatbot to support flows should keep separate checks for account ownership.
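The last key point, shown as an added example that is not Meta's code and not part of the original article (which does not describe Meta's implementation). It contrasts a chatbot tool that mails a reset link to whatever address the chat supplies with one that only uses the contact already verified for the account. All names and sample data are hypothetical and constructed for illustration.

```python
import secrets

# Constructed sample data: username -> contact verified before any chat began.
ACCOUNTS = {"alice": {"verified_email": "alice@example.com"}}
OUTBOX = []  # stands in for the mail system: (recipient, link) tuples


def _mail_reset_link(recipient, username):
    """Record a one-time reset link as 'sent' and return who received it."""
    token = secrets.token_urlsafe(16)
    OUTBOX.append((recipient, f"https://example.invalid/reset/{username}/{token}"))
    return recipient


def send_reset_link_unsafe(username, email_from_chat):
    """Weak pattern: the destination is whatever the conversation supplied."""
    if username not in ACCOUNTS:
        raise KeyError("unknown account")
    return _mail_reset_link(email_from_chat, username)


def send_reset_link_checked(username, email_from_chat=None):
    """Ownership check kept outside the chatbot: the link only ever goes to
    the address on file. A chat-supplied address that differs is refused and
    is never used as the destination."""
    account = ACCOUNTS.get(username)
    if account is None:
        raise KeyError("unknown account")
    on_file = account["verified_email"]
    if email_from_chat is not None and email_from_chat.strip().lower() != on_file:
        raise PermissionError("address does not match the verified contact")
    return _mail_reset_link(on_file, username)
```

In the checked version the chatbot can ask for a reset but cannot choose where the link goes, so persuading the model changes nothing about the destination.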
Quick term guide
- AI chatbot: A computer program that replies in a chat like a person.
- chatbot: A program that talks with people through text.
- account recovery: The process of getting access back to an online account you cannot use.
- password reset links: Links that let someone create a new password for an account.
- two-factor authentication: A security step that asks for something extra, like an app code, after the password.
- authentication: The login or identity check that proves who a user is.
- AI tools: Software that can help create text, code, images, or other work.
- Owner: The top account role that can usually change almost every setting.