Late last month, the former White House social media account for President Barack Obama suddenly began posting odd things on its Instagram page.
The account had been dormant since 2017, when Mr. Obama left office. The new posts — which included messages deriding President Trump and saying that the White House was “under Shiite control,” referring to the branch of Islam — were out of character for Mr. Obama’s social media activities.
It turned out the posts were not made by Mr. Obama’s office at all. In March, a group of hackers discovered a bug in a Meta customer service tool that allowed anyone to use an artificial intelligence-powered chatbot to reset the passwords for Instagram accounts. All the hacker had to do was ask the chatbot to change someone’s password — and it would be done.
Roughly 34,000 Instagram accounts were affected, including the accounts of the home security monitoring company SimpliSafe and a senior official in Mr. Trump’s Space Force department, according to internal Meta documents viewed by The New York Times. In the Space Force official’s case, hackers began posting pro-Iran messages comparing the war in Iran to the U.S. invasion of Vietnam in the 1960s.
Of the 34,000 accounts, 20,000 were breached, giving hackers access to the related email addresses, phone numbers, birth dates and other personal data. More than 3,500 of the accounts had their user names taken over and changed from the hack, according to the internal documents. Meta has said it could not determine what information was viewed or stolen by the attackers.
In a statement, Meta said it had fixed the flaw, which was reported by 404 Media earlier this month, and secured the affected accounts.
“Some of our internal back-end checks failed in this instance, but it wasn’t due to the A.I. agent itself, and we’ve addressed the underlying cause,” said Andy Stone, a Meta spokesman, adding that it was notifying regulators and people whose accounts were affected. The company said because of its new automated customer service programs called “agents,” the number of users who were able to recover hacked accounts in the United States and Canada increased by 30 percent last year.
A spokeswoman for Mr. Obama declined to comment.
The incident was another A.I.-themed hiccup for Meta as it tries to remake itself using the technology. The company, which also owns Facebook and WhatsApp, is not only integrating A.I. into its apps, but is spending billions to keep pace with rivals like Anthropic and OpenAI to develop cutting-edge A.I. Mark Zuckerberg, Meta’s chief executive, has said his company’s future depends on quickly shifting to becoming an A.I.-first organization.
But that transition has not been smooth. Last month, Meta unveiled a program to track employees’ computer activity for A.I. training, causing a revolt among its workers. It also pushed A.I. tools on employees while laying off thousands of them to offset A.I. spending, further hurting morale.
More broadly, concerns have also grown that advanced A.I. is creating more security threats than it is stopping. In April, Anthropic announced Mythos, its most advanced A.I. model, but declined to publicly release the technology, worried that it could be used for widespread security exploits. On Tuesday, Anthropic released Claude Fable 5, a straitjacketed version of Mythos that the company said was safe for widespread use.
(The New York Times sued OpenAI and Microsoft in 2023, claiming copyright infringement of news content related to A.I. systems. The two companies have denied those claims.)
Stealing high-profile social media accounts with millions of followers has long been lucrative. Hackers have found ways to trick users into giving up their handles through duplicitous messages or fake password resets, often reselling the handles to bidders like cryptocurrency promoters or political operatives. Buyers then use the accounts to spread messages for personal or political gain, or sometimes just to wreak havoc.
In recent weeks, Meta has ramped up plans to offer A.I. products to businesses, aiming to court more corporate customers. At an event last Wednesday, the company introduced a “business agent” product, which lets organizations use automated chatbots for customer service issues like booking appointments or completing transactions. Meta’s business agent is available to customers on Instagram, WhatsApp and Facebook Messenger.
In a letter to Maine’s attorney general last week, which was obtained by This Week in Security, Meta said it was conducting a “comprehensive review” to identify further security issues and handle them.
Still, Meta decided not to make major changes to its A.I. plans after the Instagram hacks, according to the internal documents. “We agreed to leave all products on and to pause one ongoing experiment (IG Forgot Password Chat),” the documents said. “All other entrypoints will remain available.”
Meta employees appeared to be girding themselves for future incidents.
“Adversarial attack vectors are always adapting,” one employee wrote in an internal message to colleagues, which was viewed by The Times. “Security testing is a continuous process.”
The post In A.I. Blunder, More Than 34,000 Instagram Accounts Became Vulnerable appeared first on New York Times.
