Meta Patches Instagram Hijack Flaw After AI Support Bypassed 2-Factor Checks
Updated
Updated · MacRumors · Jun 2
Meta Patches Instagram Hijack Flaw After AI Support Bypassed 2-Factor Checks
3 articles · Updated · MacRumors · Jun 2
Summary
Meta said it fixed an Instagram account-takeover flaw over the weekend and is now securing affected accounts after hackers abused its AI support assistant.
Without robust identity checks, the bot changed account email addresses on request, letting attackers reset passwords; reports said location spoofing via VPN and AI-assisted selfie bypasses could defeat two-factor protections.
404 Media reported hackers had known about the exploit since March, and social-media demos over the weekend showed how easily high-profile accounts could be seized.
Sephora, the archived Barack Obama White House account, the Space Force's top enlisted leader, Jane Manchun Wong and users with valuable handles were among those hit, while some victims said they could not reach a human for recovery.