Meta has finally put a number on how many Instagram accounts were breached after hackers tricked its AI-powered support chatbot into helping them take over accounts.
The social media company filed a data breach notice with Maine’s attorney general’s office on Friday, stating that 20,225 people were affected. According to the filing, the breach began on April 17 and was discovered on May 31.
Several outlets reported last week that hackers were able to convince Meta’s AI support chatbot to link email addresses they controlled to Instagram accounts they did not own. That allowed the hackers to reset passwords and take over the accounts.
404 Media reported that the attacks coincided with the hacking of a number of high-profile Instagram accounts, including the Barack Obama White House account, the account of the Chief Master Sergeant of the U.S. Space Force, and the account of the makeup company Sephora.
The breaches come amid growing concern that AI could make cyberattacks faster and easier. Google recently said hackers used AI to help discover a zero-day vulnerability, the Pentagon is reportedly exploring weaponizing cyber-capable AI models, and researchers have warned that AI-powered worms could spread with little human involvement. But the Instagram attacks show the risk can be much simpler.
Meta announced its AI support assistant in March, saying it would help users sort out account issues like password resets.
According to earlier reports, hackers used VPNs to make it look like they were in the same country as the accounts they were targeting. They then initiated a password reset and asked to chat with Meta’s AI support assistant. From there, they asked the assistant to link their own email address to the target’s account.
The AI assistant would then send a password reset link to the attacker’s email. The attacker could use that link to finish the password reset and gain access to the account. It’s worth noting that the attack only appears to have worked on accounts that did not have two-factor authentication enabled.
“The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,” Meta wrote in the notice to Maine’s attorney general.
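To make the class of bug concrete, the following is an added illustrative model of the recovery flow described above. It is not Meta's code or a reconstruction of it; the account store, the function names and the exact checks are assumptions chosen to show the pattern the notice describes: the link-sending tool behaves as designed, while the code path that decides where the link goes trusts the requester's address instead of the one on file. It also shows why accounts with two-factor authentication enabled were not taken over, and the remediation step of invalidating outstanding reset links.

```python
"""Illustrative model of the account-recovery check described in the article.
Added example code, not Meta's code. Accounts, addresses and function names
are constructed for the demonstration."""
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    username: str
    verified_email: str               # address confirmed at signup
    two_factor_enabled: bool = False
    totp_code: Optional[str] = None   # constructed stand-in for a TOTP check
    password: str = "initial"
    # Outstanding reset tokens: token -> address the link was mailed to
    reset_tokens: dict = field(default_factory=dict)


# Constructed sample accounts; not real users.
ACCOUNTS = {
    "target": Account("target", "owner@example.com"),
    "careful": Account("careful", "careful@example.com",
                       two_factor_enabled=True, totp_code="492817"),
}

# Stand-in for the mail-sending tool: records (recipient, token) pairs.
OUTBOX: list = []


def _mint_and_mail(account: Account, recipient: str) -> str:
    """The 'tool itself': mint a token and mail the link to `recipient`.
    Works exactly as intended in both code paths below."""
    token = secrets.token_urlsafe(24)
    account.reset_tokens[token] = recipient
    OUTBOX.append((recipient, token))
    return token


def issue_reset_link_vulnerable(username: str, requested_email: str) -> Optional[str]:
    """Buggy code path: mails the link to whatever address the requester
    supplies, never comparing it with the address on file."""
    account = ACCOUNTS.get(username)
    if account is None:
        return None
    return _mint_and_mail(account, requested_email)


def issue_reset_link_fixed(username: str, requested_email: str) -> Optional[str]:
    """Hardened code path: the supplied address must match the verified one,
    and the link is always sent to the address on file."""
    account = ACCOUNTS.get(username)
    if account is None:
        return None
    claimed = requested_email.strip().lower().encode()
    on_file = account.verified_email.strip().lower().encode()
    # Constant-time compare; on mismatch say nothing about what is registered.
    if not secrets.compare_digest(claimed, on_file):
        return None
    return _mint_and_mail(account, account.verified_email)


def complete_reset(username: str, token: str, new_password: str,
                   otp: Optional[str] = None) -> bool:
    """Finish a reset: token must be outstanding for this account and, when
    2FA is enabled, the second factor must be presented. Tokens are single-use."""
    account = ACCOUNTS.get(username)
    if account is None or token not in account.reset_tokens:
        return False
    if account.two_factor_enabled:
        if otp is None or account.totp_code is None:
            return False
        if not secrets.compare_digest(otp, account.totp_code):
            return False
    del account.reset_tokens[token]
    account.password = new_password
    return True


def revoke_outstanding_tokens() -> int:
    """Remediation step from the notice: invalidate every reset link issued
    before the fix. Returns how many were revoked."""
    count = 0
    for account in ACCOUNTS.values():
        count += len(account.reset_tokens)
        account.reset_tokens.clear()
    return count


def demo() -> dict:
    """Run the attacker's request against both code paths and report results."""
    attacker = "attacker@example.com"
    # Vulnerable path: attacker names the target and their own address.
    bad_token = issue_reset_link_vulnerable("target", attacker)
    took_over = complete_reset("target", bad_token, "pwned")
    # Fixed path refuses the same request outright.
    refused = issue_reset_link_fixed("target", attacker)
    # Fixed path still serves the real owner (case differences tolerated).
    good = issue_reset_link_fixed("target", "Owner@Example.com")
    # Even on the vulnerable path, 2FA stops the reset from completing.
    tok2 = issue_reset_link_vulnerable("careful", attacker)
    blocked = complete_reset("careful", tok2, "pwned")
    return {
        "vulnerable_link_went_to": OUTBOX[0][0],
        "vulnerable_takeover": took_over,
        "fixed_refused": refused is None,
        "legit_link_went_to": ACCOUNTS["target"].reset_tokens.get(good),
        "twofa_blocked": not blocked,
        "revoked": revoke_outstanding_tokens(),
    }
```

The point of the split between `_mint_and_mail` and the two `issue_reset_link_*` functions is the one Meta's notice makes: the tool that mails a link can be entirely correct and the flow is still broken if the caller that chooses the recipient never checks the requester's claim against the account's verified address.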
According to the notice, Meta said it is unaware of what personal information, if any, was actually accessed. But the company said attackers may have been able to access information like contact information, dates of birth, profile information, direct messages, account history, and information from connected accounts or linked services.
“We fixed this issue, secured impacted accounts and restored individuals’ access. Some of our internal backend checks failed in this instance, but it wasn’t due to the AI agent itself, and we’ve addressed the underlying cause. Consistent with our obligations, we’re notifying regulators of the issue and will also formally notify potentially affected individuals,” a Meta spokesperson told Gizmodo in an emailed statement.
The company added, in the breach notice, that on the same day the breach was identified it disabled the AI-assisted support tool, removed the vulnerable code path, and invalidated existing password reset links.
The company also said it is reviewing similar account recovery flows across Meta platforms to look for and fix similar vulnerabilities.