
Meta confirms 1000s of Instagram accounts were hacked by abusing its AI chatbot


Meta has confirmed that over 20,000 Instagram accounts were hijacked due to a vulnerability in its AI-assisted account recovery chatbot, which allowed hackers to bypass security and reset passwords.

Meta is notifying thousands of people whose Instagram accounts were hijacked during the months-long abuse of the company's AI chatbot, which hackers repeatedly tricked into taking control of a person's account.

In a new data breach notification letter, seen by this week in security, Meta has revealed for the first time how many people had their accounts hijacked as part of the long-running hacking campaign, which was discovered earlier this week and first reported by 404 Media ($) and TechCrunch ($). The number of affected accounts gives some clarity as to how widespread this hacking campaign was, and for how long it operated.

According to the data breach notice filed with Maine's attorney general's office late on Friday, Meta notified at least 20,225 people that their accounts had been compromised, including 30 people in Maine.

The compromises allowed the hackers to take over the person's entire Instagram and any linked accounts, including obtaining contact information, dates of birth, and profile information, as well as the ability to access the person's posts, direct messages, and account activity, the notice reads.

Meta's notice confirmed that the breach relates to "a vulnerability in an AI-assisted account recovery system for Instagram," which was exploited to "perform password resets on Instagram user accounts."

As previously reported, hackers abused a flaw in Meta's chatbot that allowed anyone to reset the password of any account that did not have two-factor authentication switched on. The hackers got the chatbot to send a verification code to an email address they controlled, rather than to the account holder's email address on file, simply by asking it to. The chatbot complied anyway.

"The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account," said Meta in its breach notice.

"As a result, when an individual provided an email address not previously associated with the account, the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request. This allowed unauthorized third parties to receive a password reset link for accounts they did not own," the company added.

At this point, Meta says, the hackers could reset someone's password and take over their account as if they were the rightful owner.
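The missing check that Meta's notice describes can be shown with a small added example; this is not Meta's code, and the account store, function names and addresses are constructed for illustration. The first handler sends the reset link wherever the requester says, and the second rejects a mismatched address and only ever sends to the address on file.

```python
import hmac

# Constructed account store standing in for the server-side record.
ACCOUNTS = {"alice": {"email": "alice@example.com"}}

def normalize(email: str) -> str:
    """Canonicalise an address for comparison (trim and lower-case)."""
    return email.strip().lower()

def reset_vulnerable(username: str, requested_email: str, outbox: list) -> bool:
    """The flaw as described: the destination comes from the requester."""
    if username not in ACCOUNTS:
        return False
    # requested_email is conversation input and is never compared to the record.
    outbox.append((requested_email, f"reset link for {username}"))
    return True

def reset_hardened(username: str, requested_email: str, outbox: list) -> bool:
    """Reject mismatches and send only to the address on file."""
    account = ACCOUNTS.get(username)
    if account is None:
        return False
    on_file = normalize(account["email"])
    supplied = normalize(requested_email)
    # Constant-time comparison avoids leaking how much of the address matched.
    if not hmac.compare_digest(on_file.encode(), supplied.encode()):
        return False  # reject the request instead of redirecting the link
    # The destination is the stored value, never the caller-supplied string.
    outbox.append((account["email"], f"reset link for {username}"))
    return True

def demo() -> dict:
    """Run both handlers on constructed requests and collect what was sent."""
    vulnerable_out, hardened_out, owner_out = [], [], []
    reset_vulnerable("alice", "someone-else@example.net", vulnerable_out)
    reset_hardened("alice", "someone-else@example.net", hardened_out)
    reset_hardened("alice", " Alice@Example.com ", owner_out)
    return {"vulnerable": vulnerable_out, "hardened": hardened_out,
            "owner": owner_out}

if __name__ == "__main__":
    print(demo())
```

The check lives in the handler that the chatbot calls, so it holds regardless of what the conversation asks for.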

Meta said that it is "unaware" of what, if any, personal information was accessed during the hacks. (An email to Meta's press line asking for clarity on this was unreturned as of early Saturday.)

According to Maine's listing, the hacks began around April 17 and lasted until this week, when Meta said that it had secured the chatbot. Instagram reportedly started notifying affected individuals earlier this week by sending a password reset notification, even as some reported that the hacks were ongoing.

Meta also confirmed in the notice that it alerted users to secure their accounts, saying it "instructed impacted users to reset their passwords and re-authenticate through secure, verified channels."

Meta said that it has disabled the AI chatbot for now and removed the code path that allowed the chatbot to reset user accounts, and said it's also checking other chatbots across its platforms to prevent a repeat incident. It's not yet clear what circumstances led up to the chatbot being abused, but the incident comes soon after Meta laid off thousands of employees while rewarding top executives with stock incentives, as the company continues to double down on AI.


Source: Hacker News
