Meta Admits Its ‘AI’ Helped Hackers Compromise 20,000 Instagram Accounts
So last week we noted how Meta's AI support assistant doled out access to high-profile Instagram accounts after hackers simply asked for it. Outside of using a VPN to match the account holder's region, the hackers didn't have to do literally anything of note to convince the Meta AI chatbot to provide access, suggesting like so many AI offerings, Meta incompetently rushed undercooked software to market.
Meta has subsequently confirmed the issues and outlined the full scope of the problem. In a data breach noticefiled with Maine's attorney general's office late on Friday and noticed by Techcrunch, Meta notified at least 20,225 people that their accounts had been compromised, including 30 people in Maine.
The compromises allowed the hackers to take over the person's entire Instagram and any linked accounts, including obtaining contact information, dates of birth, and profile information, as well as the ability to access the person's posts, direct messages, and account activity, the notice reads."
Meta's notice confirmed the problem began with a vulnerability in an AI-assisted account recovery system for Instagram," that was exploited to perform password resets on Instagram user accounts." Fortunately, the trick" didn't work if users had two-factor authentication enabled.
The company also claims it's unaware" of specifically what information was compromised during the three-week long hacking spree. Which is to say that, as with so many security breaches, the full scope of this could be worse than what's been revealed.
Meta/Facebook is, so we're clear, a company with 70,000 employees and a$1.57 trillion market cap. That they rushed an AI support chatbot into widespread service across roughly 3 billion active Instagram accounts is just a stunning level of incompetence.
As we saw with a different massive AI-related fuck up by Google last week (where all search queries were interpreted as AI prompts across the entire company's search system), these companies are apparently in such a rush to justify their massive, lopsided AI spending that they've forgotten to do basic development testing and quality control.