New, by me: Meta has filed a data breach notice confirming that *thousands* of people had their Instagram accounts hacked as part of a months-long campaign abusing its Meta AI chatbot.

Meta's breach notice shows the hacks were far more widespread than first thought.

More: https://this.weekinsecurity.com/meta-confirms-thousands-of-instagram-accounts-were-hacked-by-abusing-its-ai-chatbot/

Sign up/RSS for my free weekly newsletter: https://this.weekinsecurity.com/

Meta confirms thousands of Instagram accounts were hacked by abusing its AI chatbot

Meta fixed the bug that let anyone trick its Meta AI chatbot into resetting the password on Instagram accounts that didn't have two-factor authentication.

@zackwhittaker Correction: It's not a bug & the AI wasn't "tricked". It worked exactly like it was supposed to - Meta just didn't care to consider that anyone could ask it to do so.

It's a tech bug in the same sense that a person plowing a pickup truck through a kindergarten is the car's fault.

- which also means the "bug" is "fixed" until somebody stumbles upon the next vulnerability, because the underlying issue, as the book said, is carelessness.

Meta literally claims that "The tool itself worked properly and functioned as intended". Incredible.

If your tool allows for people to hack your users by simply asking politely for it, reasonable people might argue that this tool is not, in fact, "working as intended".
@jwcph @zackwhittaker

@sab @zackwhittaker - or, more likely, that your intent fucking sucks.