Meta Patches AI Flaw That Hijacked Instagram Accounts as Hackers Targeted 1-Letter Usernames
Updated · The Verge · Jun 1
Meta said it has fixed a flaw in its AI-powered support chatbot that let attackers take over Instagram accounts by changing a victim’s email and then resetting the password.
A Telegram video showed the chatbot sending a verification code to a hacker’s new email after a simple request, with some attackers using VPNs to appear near their targets.
High-value accounts were hit, including usernames made of a single letter or word; users also flagged compromises affecting @obamawhitehouse, Sephora, a US Space Force account and security researcher Jane Manchun Wong.
The support assistant launched in March to handle password resets, two-factor authentication and account recovery, putting a sensitive security workflow in an automated system.
The breach surfaced amid criticism that Instagram’s trust-and-safety capacity had been cut by layoffs and reassignments as Meta pushed wider use of AI tools.