I’ve never been a fan of AI-powered customer support, and incidents like this are a good reminder of why. It seems like whenever companies give AI systems access to sensitive tasks, a single flaw can easily have serious consequences. This time, it involves Meta AI support. Here’s what happened.
On the 5th of June, Meta reported a data breach notice in the state of Maine after falling victim to a data breach that compromised over 20,000 Instagram accounts.
According to the notice, the breach happened on 17 April, was discovered on the 31st of May, and the affected functionality was disabled on the 1st of June.
The filing states the vulnerability remained active for roughly six weeks before being identified. During that time, the attackers were able to target both ordinary users and several high-profile accounts.
In fact, several popular accounts, including President Obama’s old White House account, beauty retailer Sephora, and a senior US Space Force official, were affected by this exploit. On top of that, the data breach notice points out that 30 Maine residents were affected.
While Meta says the vulnerability has been patched and the affected AI support functionality has been disabled, this situation serves as another example of the security risks that can arise when AI systems are given access to sensitive account-management functions.
Meta states they have disabled their AI support and removed the exploited code, so the vulnerability should hopefully be resolved. Either way, I encourage everyone to closely monitor your login activity, change your password as a precaution, and enable 2-factor authentication (2FA) on their Meta accounts to prevent your account from being compromised in this way.