The social media giant Meta has disclosed a data breach to government regulators, noting that bad actors gained access to up to 20,225 accounts.
Meta notes the exploit happened in April and involved “High Touch Support,” Instagram’s AI-assisted account recovery system, per a letter to the Office of the Maine Attorney General.
Amber Hannah, Meta’s associate general counsel, says unauthorized third parties hijacked the tool to gain access to people’s accounts.
“The tool itself worked properly and functioned as intended; however, due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account.
As a result, when an individual provided an email address not previously associated with the account, the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request. This allowed unauthorized third parties to receive a password reset link for accounts they did not own.”
Meta discovered the breach at the end of May. Hannah says the company still isn’t certain what personal data was accessed in the exploit, but notes that contact info, birth dates, messages, posts, account activity, profile info and connected accounts could all be at risk.
Meta disabled High Touch Support and invalidated all existing password reset links that had been generated through the vulnerable code path.
However, the social media giant is not offering identity protection services to people whose accounts were impacted in the breach. Multiple law firms announced class-action investigations against the company.
Follow us on X, Facebook and Telegram
Don’t Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Surf The Daily Hodl Mix
 
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any assets including cryptocurrencies, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/A. Solano
#Meta #Discloses #Instagram #Data #Breach #Cyberthieves #Access #Accounts #Contact #Info #Messages #Risk