A malicious breach of Instagram's AI-powered chatbot has exposed the personal data of thousands of British users, raising urgent questions about Meta's stewardship of sensitive information. The chatbot, a conversational agent designed to handle customer service queries, was compromised by an unknown attacker who exploited a vulnerability in its natural language processing engine. The breach, first detected by cybersecurity firm Darktrace, appears to have occurred over a 48-hour window, giving the hacker access to messages, contact details, and location data of users who interacted with the bot.
Meta confirmed the incident in a terse statement, noting that it had 'temporarily disabled the feature' and was 'working with law enforcement.' However, the company has not yet clarified whether financial data or passwords were stolen. The incident comes as Meta faces intensifying regulatory pressure in the UK, where the Information Commissioner's Office has launched a formal investigation.
This breach is a stark reminder that AI tools, while convenient, introduce new attack surfaces. The chatbot's ability to hold natural conversations likely made it an attractive target. Meta's reliance on AI for customer engagement has been part of its broader push toward more immersive social experiences, but this hack suggests the company may be prioritising speed over security.
For British users, the immediate risk is phishing: the stolen data could be used to craft convincing fraudulent messages. As the investigation unfolds, users should be cautious of unsolicited communications and consider changing passwords. The broader question remains: can we trust a company that has already faced multiple data scandals to safeguard our digital lives in an AI-driven future?
The answer is increasingly uncertain.