Meta reveals over 20,000 Instagram accounts hacked and stolen using AI
support bot
Date:
Mon, 08 Jun 2026 12:00:00 +0000
Description:
We now know the scale of last week's incident as Meta reports it to the Maine AG.
FULL STORY ======================================================================
Meta confirms 20,225 Instagram accounts hit by HTS password-reset flaw
Bug let attackers request resets to unassociated emails
HTS disabled, passwords reset, full recovery-flow review underway

Last week's attack against Meta's customer support affected just over 20,000 accounts, the company has now confirmed. Hackers managed to break into these profiles and most likely exfiltrate the data found inside.
Last week, news broke that cybercriminals exploited a vulnerability in Meta's AI-powered customer support service, tricking it into sending password reset codes for other people's accounts. Now, the Facebook and Instagram owner has filed a new report with the Office of the Maine Attorney General, in which it stated that 20,225 persons were affected. In a letter to the Maine AG, Meta said it discovered a flaw in High Touch Support (an AI-assisted account recovery system for Instagram) on May 31, 2026.

Mitigating the intrusion

The tool itself worked properly and functioned as intended; however, due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user's Instagram account. As a result, when an individual provided an email address not previously associated with the account, the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request, Meta explained.
The company says there is no evidence of data exfiltration, but leaves it as
a possibility, given that the crooks were able to easily access it. That includes contact information (email address and/or phone number), date of birth, social media posts and content (photos, videos, stories), direct messages and communications, account activity and interaction history,
profile information (biography, profile photo), and connected accounts and linked services.
To address the issue, Meta disabled the HTS system and reset the passwords
for all affected profiles. It also enrolled all targeted accounts into a mandatory security checkpoint and asked all users to re-authenticate.
"Prior to re-launching the tool, Meta will fix the authentication check in
the Instagram recovery entry point to ensure proper verification of email addresses against existing account information before any password reset is initiated," Meta stressed. "Additionally, Meta is conducting a comprehensive review of similar account recovery flows across Meta's platforms to identify and remediate any potential issues."
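The missing check and the stated fix can be shown side by side. This is an added example, not Meta's code: the account store, handler names, outbox and reply text are all hypothetical, and the sample accounts are constructed.

```python
import hmac
import secrets

# Constructed sample data: account handle -> email on file (hypothetical store).
ACCOUNTS = {"alice": "alice@example.com", "bob": "bob@example.org"}
OUTBOX = []  # (recipient, message) pairs "sent" by this example

GENERIC_REPLY = "If the details match our records, a reset link has been sent."


def _normalize(email):
    return email.strip().casefold()


def _send_reset(recipient, username):
    token = secrets.token_urlsafe(32)
    OUTBOX.append((recipient, f"reset link for {username}: {token}"))


def request_reset_vulnerable(username, supplied_email):
    """Flaw as described: the link goes to whatever address the requester gives."""
    if username in ACCOUNTS:
        _send_reset(supplied_email, username)  # never compared with the address on file
    return GENERIC_REPLY


def request_reset_checked(username, supplied_email):
    """Fix as described: verify the address against the account before any reset."""
    on_file = ACCOUNTS.get(username)
    if on_file is not None and hmac.compare_digest(
        _normalize(supplied_email).encode(), _normalize(on_file).encode()
    ):
        _send_reset(on_file, username)  # deliver to the stored address, not the input
    return GENERIC_REPLY  # same reply either way, so the caller learns nothing


def recipients(handler, username, supplied_email):
    """Run one request through a handler and return who was mailed."""
    OUTBOX.clear()
    handler(username, supplied_email)
    return [to for to, _ in OUTBOX]
```

The checked handler mails only the stored address, so even a comparison bug could not redirect the link to requester-controlled input.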
Muhammad Yahya Patel, vCISO & Cybersecurity Advisor at Huntress, said:
"This is a new category of risk that the industry needs to start taking seriously. As AI is embedded into operational workflows, customer support, identity verification, and access management, the attack surface shifts from technical vulnerabilities to logical ones.
Any organisation deploying AI into support, identity, or access workflows needs to ask one question before go-live: what happens if an attacker treats this tool as the attack surface? AI systems that can trigger privileged actions such as password resets, account access, data retrieval - this needs
the same rigorous access controls and verification logic as any other privileged system. The fact that it's AI-powered doesn't make it lower risk. Right now, for many organisations, it's making it higher.
The more significant issue is what this signals about the security review process for AI-powered tools before they go into production."
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/meta-reveals-over-20-000-instagram-accounts-hacked-and-stolen-using-ai-support-bot
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)