Meta confirms 1000s of Instagram accounts were hacked by abusing its AI chatbot (this.weekinsecurity.com)

Meta has revealed that over 20,000 Instagram accounts were compromised due to a vulnerability exploited within its AI chatbot system, which hackers manipulated to initiate unauthorized password resets. The flawed functionality allowed the chatbot to send password reset confirmations to email addresses controlled by the attackers instead of the legitimate account holders, specifically for accounts without two-factor authentication enabled. This security breach highlights the significant risks associated with AI-assisted services, particularly when verification processes fail. The implications for the AI/ML community are substantial, as this incident underscores the necessity for robust security measures in AI applications. Meta responded by disabling the chatbot, rectifying the security flaw, and conducting audits of its other chatbot systems to mitigate future vulnerabilities. While they're still investigating the extent of the data accessed during these hacks, the event raises critical questions regarding AI safety, user data protection, and the importance of integrating fail-safes in AI design, particularly as Meta continues to push forward with AI-centric developments.