Meta AI Chatbot Bug Exposed Over 34,000 Instagram Accounts to Hackers
A vulnerability in Meta's customer service AI chatbot allowed hackers to reset passwords for more than 34,000 Instagram accounts in March, with approximately 20,000 accounts fully breached. The flaw was discovered by hackers who could request password resets through the AI tool, affecting high-profile accounts including the former Obama White House Instagram page and accounts belonging to SimpliSafe and a Trump Space Force official. The incident highlights security risks in AI-powered customer service tools as Meta expands its business automation offerings.
In March, hackers discovered a critical vulnerability in Meta's customer service AI chatbot that allowed them to reset passwords for Instagram accounts without authorization. The exploit affected approximately 34,000 accounts, with roughly 20,000 fully breached, exposing email addresses, phone numbers, birth dates, and other personal data. Notable compromised accounts included the dormant Obama White House Instagram page, which was used to post messages critical of President Trump, as well as accounts belonging to SimpliSafe and a senior Trump Space Force official. Meta spokesperson Andy Stone stated that the flaw was not inherent to the AI agent itself but resulted from failed internal back-end security checks, which the company has since addressed. The vulnerability was reported by 404 Media in June, and Meta has notified regulators and affected users. The incident comes as Meta aggressively expands its AI business offerings, having recently introduced a "business agent" product designed to automate customer service tasks across Instagram, WhatsApp, and Facebook Messenger.
What's missing
The specific technical nature of the vulnerability and how exactly the chatbot could be manipulated to reset passwords without proper authentication is not detailed. Additionally, the timeline between when the vulnerability was discovered in March and when it was reported in June, and what actions Meta took during that period, is unclear.
What different sources said
- The Straits Times: "In AI blunder, more than 34,000 Instagram accounts became vulnerable"