Meta: 20,000 Instagram Accounts Hacked via AI Tool

Meta reports that around 20,000 Instagram accounts may have been hacked. This attack exploited an AI-powered account recovery tool. Hackers used Meta's chatbot to link their own email addresses to target accounts. This allowed them to reset passwords and take control. High-profile accounts, including those of the Obama White House and Sephora, were reportedly compromised and sold. Meta's associate general counsel for incident response legal, Amber Hannah, notes that the actual number of affected individuals might be smaller. The company counted users whose passwords were reset via the support tool, lacked two-factor authentication, and whose accounts were likely accessed by hackers. However, some of these accesses could have been legitimate. The exploitation of Meta's High Touch Support tool was discovered on May 31st. This tool helps users regain account access, and a bug allowed hackers to send password reset links to their own emails instead of the account owner's. Meta has disabled the vulnerable tool and will only reactivate it once the fix is confirmed. All password reset links generated through the exploit have been invalidated. This situation highlights the ongoing importance of strong security measures like two-factor authentication for all online accounts.