Just over a week ago, Meta’s AI-powered chat assistant unwittingly gave hackers access to thousands of Instagram accounts, including high-profile ones such as makeup retailer Sephora and the top noncommissioned officer of the US Space Force, as well as Barack Obama’s White House account.
The exact number was later revealed in a regulatory filing with the Maine attorney general’s office. The total stands at 20,225 compromised accounts (30 of which belonged to Maine residents).
The hack, reported by 404 Media last week, was easy to pull off against account holders who had not enabled two-factor authentication. Hackers simply asked the AI-powered bot to change the email address for a targeted account to their own. Once that was granted, the hackers requested a password reset, prompting the AI to send a code to their personal email address. After hackers verified the password reset, they were able to take control of the account.
An edited step-by-step video of the process even appeared on X, showing how the hackers used a VPN to make it seem they were in the target’s location. At no point did the hackers even need the user’s email address or original password.
In an incident notification letter to Maine Attorney General Aaron Frey, dated June 5, Meta acknowledged “a vulnerability in the AI-assisted account recovery system for Instagram … that was exploited by unauthorized third parties to perform password resets on Instagram user accounts.”
After the exploit was made public, many Instagram users reported on Reddit and X that their accounts had been hacked, though the breadth of the hack wasn’t clear at the time. A Meta spokesperson posted on X that the exploit was fixed as of June 1, shortly after initial reports.
How did AI let the hack happen?
The problem is almost entirely due to Meta’s customer support now being run by AI. The tech giant made the switch back in March, saying it would enable “24/7 help for account issues like updating your password and settings for your profile.”
But with the AI chatbot handling the whole process, humans couldn’t step in when suspicious activity began. That allowed hackers to carry out the social engineering-style attack and pull it off multiple times before anyone noticed.
Affected accounts were forcibly logged out for all users and email addresses were restored. Users were then told to reset their passwords and reauthenticate their logins. Meta says that once the accounts are secured, a second notice will be sent to remind people to turn on two-factor authentication to prevent future attacks.
Meta has not yet responded to a request for comment.
How to protect yourself from similar attacks
The social engineering exploit had one major limitation: It did not work on accounts with multifactor authentication. Those accounts either already had the code in their authentication app of choice or received it by text. Without the MFA setting, the one-time reset code appears to be sent to an email address of choice, thereby letting hackers just, well, have it.
The best way to protect yourself is to enable multifactor authentication, which is available on all of Meta’s platforms. It won’t protect you 100% of the time, but it’s a lot better than a password by itself, and it would’ve protected against this particular exploit entirely.
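To make the mechanism concrete, here is a small model of the recovery flow, written as an added example for this article and not taken from Meta or Instagram. It replays the sequence the article describes (a support assistant changes the account email on request, then a password-reset code goes to the email on file unless MFA is on) and sets it beside a hardened policy in which an email change only takes effect after it is confirmed from the address already on the account. The hardened policy, the `Account`, `Outbox` and `RecoveryService` classes and all addresses are constructed assumptions, not a description of Meta's actual fix.

```python
"""Toy model of an account-recovery flow: the article's sequence versus a
hardened email-change policy. Constructed example; not Meta's code."""
from __future__ import annotations
from dataclasses import dataclass, field
import secrets


@dataclass
class Account:
    username: str
    email: str
    password: str                     # plaintext only because this is a toy model
    mfa_enabled: bool = False
    pending_email: str | None = None  # staged email change (hardened policy only)
    pending_code: str | None = None   # code to confirm that staged change
    reset_code: str | None = None     # code to complete a password reset


@dataclass
class Outbox:
    """Stand-in for the email / SMS / authenticator channels; records every delivery."""
    deliveries: list[tuple[str, str]] = field(default_factory=list)  # (destination, code)

    def send(self, destination: str, code: str) -> None:
        self.deliveries.append((destination, code))

    def codes_for(self, destination: str) -> list[str]:
        return [code for dest, code in self.deliveries if dest == destination]


class RecoveryService:
    def __init__(self, outbox: Outbox, hardened: bool) -> None:
        self.outbox = outbox
        self.hardened = hardened

    def request_email_change(self, acct: Account, new_email: str) -> None:
        if not self.hardened:
            # Flow the article describes: the change is granted on request,
            # with no proof that the requester controls the current address.
            acct.email = new_email
            return
        # Hardened (assumed policy): stage the change and send a confirmation
        # code to the address already on file; the new address is unused until then.
        acct.pending_email = new_email
        acct.pending_code = secrets.token_hex(3)
        self.outbox.send(acct.email, acct.pending_code)

    def confirm_email_change(self, acct: Account, code: str) -> bool:
        if acct.pending_email and acct.pending_code and secrets.compare_digest(code, acct.pending_code):
            acct.email, acct.pending_email, acct.pending_code = acct.pending_email, None, None
            return True
        return False

    def request_password_reset(self, acct: Account) -> None:
        acct.reset_code = secrets.token_hex(3)
        if acct.mfa_enabled:
            # Article: MFA accounts received the code in their authenticator app or by text.
            self.outbox.send(f"authenticator:{acct.username}", acct.reset_code)
        else:
            self.outbox.send(acct.email, acct.reset_code)

    def complete_password_reset(self, acct: Account, code: str, new_password: str) -> bool:
        if acct.reset_code and secrets.compare_digest(code, acct.reset_code):
            acct.password, acct.reset_code = new_password, None
            return True
        return False


def attacker_takes_over(mfa_enabled: bool, hardened: bool) -> bool:
    """Replay the article's sequence: the requester knows only the username
    and controls attacker@example.com (constructed). Returns True if they end
    up setting the password, i.e. the policy failed."""
    outbox = Outbox()
    svc = RecoveryService(outbox, hardened)
    victim = Account("victim", "owner@example.com", "correct-horse", mfa_enabled)
    attacker_email = "attacker@example.com"

    svc.request_email_change(victim, attacker_email)  # "please change my email"
    svc.request_password_reset(victim)                # "please reset my password"
    # The requester can only read codes delivered to their own inbox.
    for code in outbox.codes_for(attacker_email):
        if svc.complete_password_reset(victim, code, "new-password"):
            return True
    return False


if __name__ == "__main__":
    for mfa in (False, True):
        for hardened in (False, True):
            print(f"mfa={mfa!s:5} hardened={hardened!s:5} takeover={attacker_takes_over(mfa, hardened)}")
```

Running it prints four rows: only the combination `mfa=False hardened=False` ends in a takeover, which matches the article's observation that MFA accounts were unaffected. The hardened row shows the complementary control on the service side: if an email change has to be confirmed from the existing address, the reset code never reaches the requester's inbox even with MFA off. Both controls are worth having, because the first depends on each user and the second on the operator.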
There are other things you can do to beef up account security, including using passkeys where available and a private email address to make your account credentials harder to find.