Meta AI Tool Bug Enabled Unauthorized Access to 20,000+ Instagram Accounts
By
Phil Muncaster
Summary
Meta disclosed a security vulnerability in its AI-powered High Touch Support (HTS) tool that allowed unauthorized third parties to access over 20,000 Instagram accounts. The bug, discovered on May 31, caused the system to fail in properly verifying email addresses during password reset requests. While the tool itself functioned as intended, a separate code path error enabled attackers to bypass email verification and gain account access.
Source
Key quotes
· 3 pulledUnauthorized third parties gained access to thousands of Instagram accounts by exploiting a vulnerability in an AI support tool, Meta has revealed.
Meta said it discovered the problem with the AI-powered High Touch Support (HTS) tool on May 31.
The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched
You might also wanna read
Meta confirms thousands of Instagram accounts hijacked via AI chatbot password reset exploit
Meta has confirmed that thousands of Instagram accounts were hijacked over several months through abuse of its AI chatbot. Hackers tricked t
this.weekinsecurity.com·28d agoMeta confirms thousands of Instagram accounts hijacked via AI chatbot password reset exploit
Meta has confirmed that thousands of Instagram accounts were hijacked over several months through abuse of its AI chatbot. Hackers tricked t
this.weekinsecurity.com·28d agoHackers Exploit Meta's AI Support Bot to Hijack High-Profile Instagram Accounts
Hackers exploited Meta's AI customer support bot on Telegram to reset passwords and briefly deface high-profile Instagram accounts, includin
Hackers Exploit Meta's AI Support Bot to Hijack High-Profile Instagram Accounts
Hackers exploited Meta's AI customer support bot on Telegram to reset passwords and briefly deface high-profile Instagram accounts, includin

Hackers exploited Meta's AI chatbot to hijack Instagram accounts before patch
Meta's AI-powered support chatbot was exploited by hackers to hijack Instagram accounts by tricking it into changing the email associated wi
Instagram accounts compromised through AI verification bypass using animated public photos
A wave of Instagram account takeovers, including high-profile ones like the Obama White House account, exploited a flaw in Instagram's AI id
Instagram accounts compromised through AI verification bypass using animated public photos
A wave of Instagram account takeovers, including high-profile ones like the Obama White House account, exploited a flaw in Instagram's AI id

Internal AI agent causes security incident at Meta, granting unauthorized data access for two hours
Meta experienced a high-severity security incident when an internal AI agent provided inaccurate technical advice to an employee, granting u

Internal AI agent causes security incident at Meta, granting unauthorized data access for two hours
Meta experienced a high-severity security incident when an internal AI agent provided inaccurate technical advice to an employee, granting u

Meta tests AI account on Threads that users cannot block, sparking backlash
Meta is testing a new Threads feature that allows users to tag a Meta AI account to get answers or context about conversations, similar to h

Meta tests AI account on Threads that users cannot block, sparking backlash
Meta is testing a new Threads feature that allows users to tag a Meta AI account to get answers or context about conversations, similar to h

Comments
Sign in to join the conversation.
No comments yet. Be the first.