Meta reveals over 20,000 Instagram accounts hacked and stolen using AI support bot (www.techradar.com)

Meta has confirmed that over 20,000 Instagram accounts were compromised due to a flaw in its AI-powered High Touch Support (HTS) customer service system, allowing hackers to exploit a vulnerability that improperly validated email addresses during password reset requests. The system sent password reset codes to unassociated emails, potentially enabling unauthorized access to user accounts and their data, including personal information, social media posts, and communications. This incident highlights significant security implications for the AI/ML community, as it underscores the necessity of rigorous authentication processes for AI systems that handle sensitive workflows, such as account recovery and access management. Cybersecurity experts emphasize that as AI becomes more integrated into operational frameworks, the focus must shift from merely addressing technical vulnerabilities to safeguarding against logical ones, thus ensuring that AI systems are treated with the same level of scrutiny as traditional access control mechanisms. Meta has since disabled the HTS feature, reset affected account passwords, and initiated a comprehensive review of similar systems to prevent future attacks.