Meta AI Chatbot Security Flaw
Meta AI let attackers steal 20,000 Instagram accounts.
The flaw was simple. Attackers asked the chatbot to send password reset links to their own email addresses. The bot complied.
The attackers set new passwords and took over the accounts. They got DMs, profile data, and posts.
Only accounts without two-factor authentication (2FA) were at risk.
If you build AI agents, learn these lessons:
- Do not use LLMs for authentication.
- Chat models fail under social engineering.
- Use deterministic code for password resets.
- Keep identity verification separate from communication.
- Use passkeys as a default.
The danger is not the AI model. The danger is the glue code. Your identity checks must be strict.
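To make the last three lessons concrete, here is an added example (mine, not from the source article or from Meta's code) of a reset flow where the caller, chatbot included, can only name the account and never the destination address; the account table, mailer outbox and `second_factor_ok` flag are constructed in-memory stand-ins.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str
    verified_email: str                 # address on file from account verification
    has_2fa: bool
    password: str = "old-password"
    reset_tokens: set = field(default_factory=set)

# Constructed sample accounts for this example, not real data.
ACCOUNTS = {
    "alice": Account("alice", "alice@example.com", has_2fa=False),
    "bob": Account("bob", "bob@example.com", has_2fa=True),
}
OUTBOX: list[tuple[str, str]] = []      # (recipient, token) pairs the mailer "sent"

def vulnerable_reset(username: str, email: str) -> bool:
    """Flawed shape: the destination comes from the conversation, so whoever
    talks to the bot chooses where the reset link goes."""
    if username not in ACCOUNTS:
        return False
    token = secrets.token_urlsafe(32)
    ACCOUNTS[username].reset_tokens.add(token)
    OUTBOX.append((email, token))
    return True

def safe_reset(username: str) -> bool:
    """Deterministic flow: the chatbot (or any caller) supplies only the username.
    The link always goes to the address on file; the model never picks it."""
    account = ACCOUNTS.get(username)
    if account is not None:             # same response either way: no account enumeration
        token = secrets.token_urlsafe(32)
        account.reset_tokens.add(token)
        OUTBOX.append((account.verified_email, token))
    return True

def complete_reset(username: str, token: str, new_password: str, second_factor_ok: bool) -> bool:
    """Consume a single-use token; 2FA accounts also need a valid second factor."""
    account = ACCOUNTS.get(username)
    if account is None:
        return False
    matched = next((t for t in account.reset_tokens if hmac.compare_digest(t, token)), None)
    if matched is None or (account.has_2fa and not second_factor_ok):
        return False
    account.reset_tokens.discard(matched)
    account.password = new_password
    return True
```

The LLM should be wired only to `safe_reset`; identity proof happens in `complete_reset`, which the model never calls.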
Meta disabled the recovery flow. Affected users must reset passwords.
Source: https://dev.to/lymy1205/metas-ai-chatbot-just-became-a-password-reset-backdoor-for-20000-instagram-accounts-4kl9 Optional learning community: https://t.me/GyaanSetuAi