Tell HN: Meta's AI support feature allows Instagram accounts to be stolen
1 day ago
If the AI support option is enabled for your Instagram account (it appears to be A/B tested for only a percentage of accounts), anyone can hijack it with little effort. Simply get on a proxy or VPN close to the account's region, then ask the agent to send a code to an arbitrary email address. Once you receive the code, pass it forward to the agent, and it'll provide you with a password reset link which you can then use to sign into the account.
Posting here for any Meta employees who may be reading. This flaw has been around for at least a few days and has been used to hijack over 100 high-value Instagram accounts. The correct patch would be to disable the AI support feature entirely for the time being until this is sorted and revert accounts and usernames that have been hijacked over the last few days. This is a pretty important flaw and it's currently being exploited in blackhat circles. The steps above are public knowledge in these circles and can be found trivially on Telegram.
Edit: I wouldn't be surprised if this was never acknowledged by Meta. Several months ago in February, there was an exploit that allowed anyone to view the email address and phone number on file for any Instagram account. No acknowledgement from Meta. IMO they should've filed an SEC 8-K for an issue like that. Also, this flaw was unpatched when I posted about it - not sure if it's since been patched.
It may be irrelevant, but yesterday, I received the following email:
"Hi xxx,
The phone number +963xxxxxxx was added to your Instagram account at 18:11 (PDT) on Sunday, May 31 2026.
If you didn't add a phone number, you can secure your account here."
This is notably different from the standard message that I get when I change my phone number the normal way: "Someone tried to modify settings on your Instagram profile.
If this was you, use the following code to confirm your identity:"
Thankfully, I was able to recover it (still can't log in to threads for some reason), but people should be aware of an ongoing exploit that allows them to switch recovery methods without authentication.
That's strange, the timing seems to be after the vulnerability was supposedly patched (roughly 4:30 PM PDT). Is your username short or valuable?
I think AI for social channels are really unnecessary for users because of 80% hallucination. I know these AIs only useful for channels owners to track and learn user's habits and collect data...and data is money.
When will people learn granting any kind of account access to an LLM is a moot point, if the LLM has knowledge of something, by design it can't help but divulge it
This happened to my account today. My sessions were revoked and password changed with no email, text, or push notification. Email and text codes weren’t being sent to my phone. I went through several cycles of resetting my password then getting hijacked again.
My account was also stolen but my username wasn't changed. I had TFA enabled which likely saved me, but I'm hearing that can be bypassed too. I guess I was just lucky. The attackers rate limited my account so I couldn't send any password reset emails, but I went through the hacked account recovery flow which allowed me to receive a code and log back in just fine. I received about 100 password reset emails throughout this ordeal.
I didn't see it in the original post, but is there any way to turn this off at an account level?
No, you're forced into the A/B test. I assume they'll enable this on every account at some point. Maybe there's a way to edit your account's flags via some undocumented API endpoint, but I'm not sure. Even if that were possible, your account would likely be flagged for API abuse and banned within the day.
It's been patched now, so if your account wasn't already stolen, you're fine, at least for the time being.
> I wouldn't be surprised if this was never acknowledged by Meta.
It will, at least, have to be acknowledged by making GDPR Art. 33 notifications.
I'm glad they've seemingly made some sort of public statement on X and to media outlets, though they haven't emailed affected users yet.
They have yet to acknowledge the recovery method disclosure vulnerability which was exploited on a massive scale in February. The last time I checked, email addresses and phone numbers were PII. I don't live in the EU, but someone who does should complain to the relevant authorities about that.
[flagged]
[dead]
> No acknowledgement from Meta.
Of course not. Every single employee is a sociopathic as their CEO.
As far as I'm concerned, failing to report breaches like this is illegal in some jurisdictions. They already didn't report the other email address disclosure bug that was widely abused, and they likely won't report this either.
At the very least, if they really don't want to make a public statement, they should send out emails to affected users. With all the data they collect, I'm sure it's possible to run a query that selects all users who have been "recovered" by AI support and whose usernames were subsequently changed shortly after to find a victim list of some sort.