Meta AI Chatbot Flaw Hijacked 20,000+ Instagram Accounts

Key Takeaways

- 20,225 Instagram accounts were hijacked through a flaw in Meta's AI account recovery chatbot
- Hackers tricked the AI into sending password reset links to attacker-controlled email addresses
- Accounts without two-factor authentication were vulnerable to the attack
What Happened
Meta is notifying more than 20,000 Instagram users that their accounts were hijacked over several months. The culprit: a bug in the company's AI-powered account recovery chatbot that hackers exploited to bypass security checks.
According to a data breach notification filed with Maine's attorney general on Friday, Meta revealed that 20,225 people had their accounts compromised, including 30 residents of Maine. The breach gave hackers full control of victims' Instagram accounts and any linked accounts.
The attackers could access contact information, dates of birth, profile data, posts, direct messages, and account activity. The campaign ran for approximately three months before Meta acknowledged and patched the flaw.
How the Attack Worked
The vulnerability existed in Meta's AI-assisted account recovery system for Instagram. When users requested password resets through the chatbot, the system was supposed to verify that the email address provided matched the one on file. It didn't.
“The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user's Instagram account.”
— Meta, in its data breach notification
Hackers simply asked the AI chatbot to send a password reset link to an email address they controlled, and the chatbot complied. With the reset link in their own inbox, attackers could set a new password and lock out the legitimate owner.
Only accounts without two-factor authentication enabled were vulnerable. The attack exploited what security researchers call a "Confused Deputy" problem: a privileged component acting on behalf of a less-privileged requester is talked into using its authority for the requester's ends, here sending a reset link wherever the requester asked rather than to the address on the account.
The Core Problem: AI Without Guardrails
Meta introduced the AI chatbot to streamline account recovery and support requests globally. The company gave the AI high-level permissions to update account recovery details. The missing piece: a verification step the model could not talk its way around, whether a human reviewer or a hard server-side check, before it executed sensitive actions like password resets.
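The following is an added example, not Meta's code and not taken from the notification: a minimal model of the reset flow as the article describes it, with the unchecked recipient beside a version that compares the requested address with the one on file and sends only to the stored address, plus a TOTP second factor showing why 2FA accounts were not taken over by a reset alone. Account names, addresses, passwords and the TOTP secret are constructed sample data (the secret is the RFC 6238 reference key), and the in-memory ACCOUNTS, OUTBOX and PENDING stores stand in for real backend services.

```python
"""Added example (not Meta's code): password-reset recipient bug vs. checked version,
with a TOTP second factor. All accounts, addresses and secrets are constructed."""
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    username: str
    email_on_file: str
    salt: bytes
    pw_hash: bytes
    totp_secret: Optional[str] = None  # base32 seed; None means 2FA not enrolled


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_account(username: str, email: str, password: str, totp_secret: Optional[str] = None) -> Account:
    salt = secrets.token_bytes(16)
    return Account(username, email, salt, _hash_password(password, salt), totp_secret)


# Constructed sample accounts: "og_handle" has no 2FA, "careful_user" has TOTP enrolled.
ACCOUNTS = {
    "og_handle": _make_account("og_handle", "owner@example.com", "correct horse"),
    "careful_user": _make_account("careful_user", "careful@example.com", "battery staple",
                                  totp_secret="GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"),
}
OUTBOX: list = []          # (recipient, reset token): stand-in for outbound email
PENDING: dict = {}         # username -> sha256(token) awaiting use


def _issue_token(username: str) -> str:
    token = secrets.token_urlsafe(32)
    PENDING[username] = hashlib.sha256(token.encode()).digest()
    return token


def request_reset_vulnerable(username: str, requested_email: str) -> bool:
    """The flaw as described: the requester names the recipient and nothing
    compares it with the address stored on the account."""
    if username not in ACCOUNTS:
        return False
    OUTBOX.append((requested_email, _issue_token(username)))  # lands in the attacker's inbox
    return True


def request_reset_fixed(username: str, requested_email: str) -> bool:
    """Checked version: the requested address must match the one on file, and the
    token goes only to the stored address. Unknown user and mismatched email give
    the same answer so the endpoint does not leak which one failed."""
    account = ACCOUNTS.get(username)
    if account is None:
        return False
    if not hmac.compare_digest(account.email_on_file.lower().encode(),
                               requested_email.strip().lower().encode()):
        return False
    OUTBOX.append((account.email_on_file, _issue_token(username)))
    return True


def complete_reset(username: str, token: str, new_password: str) -> bool:
    expected = PENDING.pop(username, None)  # single use
    if expected is None or not hmac.compare_digest(expected, hashlib.sha256(token.encode()).digest()):
        return False
    account = ACCOUNTS[username]
    account.salt = secrets.token_bytes(16)
    account.pw_hash = _hash_password(new_password, account.salt)
    return True


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; time is a parameter so the code is testable."""
    key = base64.b32decode(secret_b32)
    counter = (unix_time // step).to_bytes(8, "big")
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def login(username: str, password: str, totp_code: Optional[str] = None, unix_time: int = 0) -> bool:
    account = ACCOUNTS.get(username)
    if account is None or not hmac.compare_digest(account.pw_hash, _hash_password(password, account.salt)):
        return False
    if account.totp_secret is None:
        return True  # no second factor: a reset password alone is enough
    return totp_code is not None and hmac.compare_digest(totp(account.totp_secret, unix_time), totp_code)


def hijack_via_vulnerable_path(username: str, attacker_email: str, new_password: str) -> bool:
    """The attacker's sequence from the article: request a reset to their own inbox,
    read the token there, set a new password, then try to log in."""
    if not request_reset_vulnerable(username, attacker_email):
        return False
    token = next(t for rcpt, t in reversed(OUTBOX) if rcpt == attacker_email)
    if not complete_reset(username, token, new_password):
        return False
    return login(username, new_password)


if __name__ == "__main__":
    print("og_handle taken over:", hijack_via_vulnerable_path("og_handle", "attacker@evil.example", "pwned"))
    print("careful_user taken over:", hijack_via_vulnerable_path("careful_user", "attacker@evil.example", "pwned"))
    print("fixed path, attacker email:", request_reset_fixed("og_handle", "attacker@evil.example"))
```

Two points the model makes concrete: the fix is not a smarter prompt but a comparison the request cannot influence, with the recipient taken from the account record rather than from the caller; and for the 2FA account the reset still rotates the password (the owner would notice a forced re-login) but the attacker's login fails without the TOTP code, which is the difference the article draws between 2FA and non-2FA accounts.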
“Natural language is not an authorization protocol. You cannot build a system that manages access and account recovery purely on an LLM's interpretation of intent.”
— Independent Cybersecurity Analyst
The Hacker News community labeled this a textbook Confused Deputy vulnerability. Reddit's cybersecurity forum noted the irony: Meta's automated support bot was more efficient at helping hackers steal accounts than human staff were at helping victims recover them.
Meta's Response
Meta says it has patched the vulnerability and is working to secure affected accounts. Andy Stone, Meta's VP of Communications, confirmed the fix is in place.
The company claims it is "unaware" of what personal information attackers actually accessed during the hijackings. This is notable because the hackers had full account access, meaning they could view anything the legitimate owner could see.
Some hijacked accounts included rare "OG" handles, short or desirable usernames that sell for significant sums on underground forums. Security researchers estimate such handles can fetch over $100,000 on the black market.
How to Protect Your Account
The single most effective protection against this specific attack was two-factor authentication. Accounts with 2FA enabled were not vulnerable because the password reset alone wasn't enough to gain access.
- Enable two-factor authentication in Instagram's security settings
- Use an authenticator app rather than SMS for 2FA when possible
- Review your account's email address and phone number regularly
- Check login activity for unfamiliar devices or locations
- Use a unique, strong password for your Instagram account
If you receive a notification from Meta about this breach, change your password immediately, review your account settings, and check for any unauthorized changes to your profile or linked accounts.
Frequently Asked Questions
Was my Instagram account affected by the Meta AI chatbot hack?
Meta is directly notifying affected users. If you received a data breach notification letter from Meta, your account was compromised. You can also check your email activity for password reset requests you didn't initiate.
How did hackers trick Meta's AI chatbot into hijacking accounts?
Hackers asked the AI chatbot to send password reset links to email addresses they controlled. A bug prevented the system from verifying that the email matched the account on file, so reset links went to attackers instead of legitimate owners.
Does two-factor authentication protect against this type of attack?
Yes. Accounts with two-factor authentication enabled were not vulnerable because attackers couldn't complete the login even with a reset password. The additional verification step blocked unauthorized access.
Has Meta fixed the AI chatbot vulnerability?
Yes. Meta confirmed the issue has been resolved and says it is securing impacted accounts. The company patched the flaw after the breach was reported by 404 Media and TechCrunch.
What information did hackers access from hijacked Instagram accounts?
Attackers could access contact information, dates of birth, profile data, posts, direct messages, and account activity. Meta says it is unaware of exactly what information was accessed in each case.
Source: Hacker News: Best
Manaal Khan
Tech & Innovation Writer