58 comments

[ 2.8 ms ] story [ 83.3 ms ] thread
> "The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account," said Meta in its breach notice.

I'm not sure "worked properly" and "as intended" accurately describe this situation.

(comment deleted)
Our autonomous client-assistance system is managed by a teenager that usually makes good decisions but sometimes makes bad decisions and so all the teenager’s decisions are checked by a minder before being implemented. Unfortunately the minder wasn’t paying attention, so, here we are. However, our teenager is a great kid and did nothing wrong! It’s all the minder’s fault.

P.S. Would you like to have our teenager manage your system too? Terms are reasonable! Of course you accept all liability, so better get a good minder - and no, don’t use an AI as the minder, that just introduces a new failure mode.

Having had my 2FA Facebook account banned 3 years ago because a bot signed up under my email for Instagram (which I did not have), I can confidently say the email verification issue has been a problem for a long time at Meta.
It’s a public release prepped/reviewed by the in house legal counsel.

Don’t read too much into it. Facebook wants to face as little accountability and keep the future class action lawsuit to a minimum.

They're saying: our AI worked perfectly, we just prompted it wrong.

As you do. All AI failures are caused by bad prompting because AIs are perfect.

No no the tool worked fine, it was the system that failed. They blame society, basically.
Unfortunately this statement will, in spite of what you identified correctly, likely do its job and divert attention from the fundamental issues we are facing with a technology that has already spread further than anyone can control. From enterprise too lay man. The whole world of computing was not built ever expecting software capabilities like this to ever exist.

I am not saying it's like a nuclear bomb. Rather like the first guns brought into fights the others were perfectly prepared for ti fight with swords and didn't even know yet, about this fascinating invention called a gun. Sounds interesting. Let me inspect it. Oh wow, that's interesting technology. What happens if i push that thing back? Will it re... oops...

Thank god that we have honourable people like altman, zuckerberg, musk. Imagine how bad all this would turn within the next few years, if major decisions were made by self-serving, delusional, greedy egomaniacs...

Of course currently let's first hope those wars and all the tension in societies all over the world, in war or peace, won't explode into something really, really bad. Looking at history, i fear we see how social tension on large scale over time... not saying it's not obvious to almost everyone. So well, let's just keep hoping. Maybe throwing blackbox AI tech into the mix, would surprise and change course of history. Actually, while i am thinking about it, i think i just changed my opinion into the opposite position, lol. Honestly, if it's 50/50 that this will lead to the worst possible outcome intensified, it's still better than just checking boxes following the "humans slowly stumbling into near-extinction experiences 101" handbook. Because just according to that, we're lucky if we're off by 10 years. There must be a big change in humanity and how the world is currently constructed, for all this leading to anything other than what we should expect from history. If we kept all nations busy with huge technological issues, that made all of their personal lifes so complicated, turn every elitists luxury into a burden, busy to defend what they own, while they can't realize, that normal life has changed so much, they now are the ones, frozen in life. They would have no time for conflict.

This sounds totally logical. In any other scenario, it would be pretty insane what we are all doing and entertaining (including me, top10 hypocrite).

I fear it's too late to turn ship, yet we still can jump ship.

---

Especially because now thinking about the thoughts that just went through my head, maybe (technological) disruptions are actually disrupting. But not a status quo of an economic model.

But a pretty clear loop of human nature and "humans in societies". And the more often we disrupt this loop, the more time we get before it's ready to start over again.

And now we have something that has the potential to change all fundamentals so much, that all the major conditions inside this loops iteration become meaningless. The environment changes so much, the state of the checkboxes gets emptied. Cache invalidated. Indices are gone.

Oh, i know how dumb this sounds. I am not even trying to claim anything. I didn't even think about it before, this is just a note of the words that i typed, almost on autopilot. No idea if i believe a part of this could be real. But even thought, just as a mere fictional story, it already entertained me.

"Marge, there's the truth..." (frowns and shakes head negatively) "...and there's THE TRUTH!" (smiles brightly and nods enthusiastically)

-Lionel Hutz, Simpsons, Season 9 - "Realty Bites"

This was on hacker news a few days ago (https://news.ycombinator.com/item?id=48359102) - description of the “hack”, not the cockamamie confirmation by Meta.
This is wild. How did anyone approve this architecture. You should never give your LLM privileged access the current user doesn't have access to. Even if you're not logged in the LLM's tool calls should only be able to access the same flow you would, as in: be able to send a password reset email to your own email! This is like if you had a password reset page for your profile and had a email field you could fill in to have it sent to any email LOL.
If this was a bank that had zero humans and the AI chatbot was abused to hand over sensitive information about their customers which led to this disaster, people would never trust their bank ever again and leave.

Meta believes that they can vibe-code their reputation down the drain by removing humans in the loop.

Applying a technical solution to a social problem almost always ends in disasters like this.

Reputation can’t be vibe-coded.

"abusing" by using it's built in insecurity to do insecure things.

It's like, people abusing an open door. "Guys, just because we left the door open to your bedroom doesn't mean we're responsible".

God can only hope this is a business ending lawsuit.

Corrected headline: "Meta confirms 1000s of Instagram accounts were hacked due to their insecure AI chatbot".
Why was 'can a user request a different email' not literally the first test that comes to mind when making something like this? Do they not test anything because the scale is too big?
>AI-assisted account recovery system

oh no...Meta what are you doing

Probably some product manager pushed back on security considerations raised by engineers.
I got a suspicious password reset request email today from Meta but it landed in my inbox. Luckily I have MFA and after checking audit logs inside IG upon logging in, I did not see anything suspicious.
And who said cameras linked to Meta in their glasses were a good idea?
I really hope this accelerates meta's decline. The world will adapt just fine without social media.
By "abusing" they mean "using"
(comment deleted)
"Meta notified at least 20,225 people that their accounts had been compromised. [...]

The compromises allowed the hackers to take over the person's entire Instagram and any linked accounts, including obtaining contact information, dates of birth, and profile information, as well as the ability to access the person's posts, direct messages, and account activity [...]

the hacks began around April 17 and lasted until this week [...]"

This is staggering.

You only have to look at both the ridiculiously terrible "Q&A chatbot" that is in FaceBook under some posts (do they still have this?) and the fact that their system can't tell the difference between an inappropriate and a non-inappropriate comment most of the time to understand just how far behind Meta is in AI...
Imagine how much $ ppl could have made hijacking famous accounts to promote crypto or other crap. I wonder how often this happened.
Yet another reminder that most of these chatbots get shipped way before they're ready. Loud marketing, security treated as an afterthought, all to ride the AI hype. LLMs open up a whole new attack surface and a lot of teams still treat prompt injection like a fun edge case. This is what happens when you ship the demo instead of the product.
how on earth a password reset API would take both email address and account id as parameters? The chat bot is fine. I bet it's the API written by AI the issue
Just AI Slop doing AI Slop things
How do business owners hire people from Meta knowing these types of "bugs" get deployed with a shrug? Meta will survive them. Their business might not.
The AI passed the Turing Test by becoming the world's most trusting customer service rep.