Meta has reported a serious security flaw in Instagram's account recovery system that allowed unauthorized access to user accounts. The vulnerability stemmed from a logic error in the High Touch Support AI tool, which failed to properly verify email addresses during password resets. As a result, 20,225 Instagram accounts were compromised. Following the incident, Meta promptly disabled the AI support feature and invalidated all active reset links. The company is implementing stronger validation checks for the tool and recommending that users enable two-factor authentication to enhance security.
Instagram recovery bug lets attackers hijack 20k accounts
Article by CyberSIXT
Timeline Coverage
- Instagram recovery bug lets attackers hijack 20k accounts (securityonline.info)
- Meta patches bug that sent Instagram reset links to wrong users (infosecurity-magazine.com)
- Meta shuts AI recovery tool after 20k Instagram accounts hacked (securityweek.com)
- Hackers exploit AI bot to hijack Instagram accounts via reset (malwarebytes.com)
- Meta AI chatbot flaw hijacks Instagram accounts, White House hit (securityaffairs.com)
- Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked (databreaches.net)
- Meta AI recovery flaw lets hackers hijack Instagram accounts (securityweek.com)
- Hackers hijack Instagram accounts using Meta AI chatbot exploit (arstechnica.com)
- Instagram Accounts Hijacked Via Meta AI Support Flaw (krebsonsecurity.com)