Meta AI flaw allowed hackers to take over Instagram accounts
Late last month, President Barack Obama’s former White House social media account suddenly started posting strange things on its Instagram page.
The account has been inactive since 2017, when Mr. Obama left office. The new posts – which included messages mocking President Trump and saying the White House was “under Shiite control”, referring to a branch of Islam – were out of character for Mr Obama’s social media activity.
It turned out that the posts were not created by Mr. Obama’s office at all. In March, a group of hackers discovered a bug in customer service tool Meta that allowed anyone to use an AI-powered chatbot to reset Instagram account passwords. All the hacker had to do was ask the chatbot to change someone’s password – and they’d be done.
Roughly 34,000 Instagram accounts were affected, including those of a home security monitoring company SimpliSafe aa senior official in Mr. Trump’s space force department, according to internal Meta documents reviewed by The New York Times. In the case of the Space Force official, hackers began sending pro-Iranian messages comparing the war in Iran to America’s involvement in Vietnam in the 1960s.
Of the 34,000 accounts, 20,000 were compromised, giving hackers access to associated email addresses, phone numbers, dates of birth and other personal information. According to internal documents, more than 3,500 accounts had their usernames taken over and changed. Meta said it could not determine what information the attackers saw or stole.
Meta said in a statement that it has fixed the bug it reported 404 Media this month and secured the affected accounts.
“Some of our internal back-end checks failed in this case, but it was not caused by the AI agent itself and we are looking at the root cause,” said Andy Stone, a Meta spokesman, adding that the company has notified regulators and people whose accounts were affected. The company said its new automated customer service programs, called agents, saw a 30 percent increase in the number of users able to recover hacked accounts in the United States and Canada last year.
A spokeswoman for Mr. Obama declined to comment.
The incident was yet another AI setback for Meta as he tries to remake himself with the technology. The company, which also owns Facebook and WhatsApp, is not only integrating AI into its apps, but is spending billions to keep pace with competitors such as Anthropic and OpenAI to develop cutting-edge artificial intelligence. Mark Zuckerberg, CEO of Meta, said his company’s future depends on quickly transitioning to an AI-first organization.
But this transition was not smooth. Last month, Meta introduced a program to monitor employee computer activity for AI training, sparking an uproar among its employees. It also pushed AI tools on employees while laying off thousands of them to offset AI spending, further damaging morale.
More broadly, concerns have also grown that advanced artificial intelligence is creating more security threats than it is stopping them. In April, Anthropic announced Mythos, its most advanced AI model, but declined to make the technology public out of concern that it could be used for large-scale security exploits. On Tuesday, Anthropic released the Claude Fable 5, a straitjacket version of Mythos that the company said is safe for widespread use.
(The Times sued OpenAI and Microsoft in 2023, alleging copyright infringement for news content related to AI systems. Both companies denied the claims.)
Stealing high-profile social media accounts with millions of followers has long been lucrative. Hackers have found ways to trick users into giving up their drivers through duplicate messages or fake password resets, often selling the handles to interested parties such as cryptocurrency promoters or political operatives. The buyers then use the accounts to spread the news for personal or political gain, or sometimes just to wreak havoc.
In recent weeks, Meta has stepped up plans to offer AI products to businesses in order to reach more business customers. At an event last Wednesday, the company presented “commercial agent” product that enables organizations to use automated chatbots for customer service issues such as booking appointments or completing transactions.Meta Business Agent is available to customers on Instagram, WhatsApp and Facebook Messenger.
In a letter to the Maine Attorney General last week, which was got this week in safety, Meta said it is conducting a “comprehensive review” to identify additional security issues and address them.
According to internal documents, Meta decided not to make major changes to its AI plans after the Instagram hack. “We have agreed to keep all products on and suspend one ongoing experiment (IG Forgot Password Chat),” the documents read. “All other entry points will remain available.”
The Meta staff seemed to be preparing for future incidents.
“Enemy attack vectors are always adapting,” one employee wrote in an internal memo to colleagues seen by The Times. “Security testing is a continuous process.”