Overview
- Meta says attackers abused a bug in its AI-assisted High Touch Support (HTS) recovery workflow that failed to confirm a submitted email matched the account's registered email, allowing reset links to be sent to attacker-controlled addresses.
- The company discovered the vulnerability on May 31, 2026, and its filing with Maine’s attorney general indicates the first likely exploitation occurred on April 17, 2026.
- Meta disclosed that roughly 20,225 Instagram accounts were potentially affected, that impacted accounts have had passwords invalidated, and that those accounts were placed behind mandatory security checkpoints.
- The firm says it does not yet know exactly what data was accessed for each account but warned attackers could have viewed contact details, profile data, posts, direct messages, and linked services for compromised accounts.
- Meta plans to notify potentially affected users, require password resets and reauthentication, fix the email verification check before relaunching HTS, and review other recovery flows to prevent similar failures.
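The defect described above is a missing binding between the address a recovery request names and the address on file for the account. The following is an added, constructed illustration of that class of defect and its fix; it is not Meta's or Instagram's code, and the account store, the `Outbox` recorder, the account id and the email addresses are all invented for the example. The third function is the kind of audit a responder would run over reset-delivery records to scope which accounts had a link routed somewhere other than the registered address.

```python
"""Constructed illustration (not Meta's code) of a recovery flow that sends a reset
link to whatever address the requester submits, beside a version that binds delivery
to the account's registered email, plus an audit over delivery records."""
from dataclasses import dataclass, field
import hmac
import secrets

# Constructed sample account store; the id and address are invented for this example.
ACCOUNTS = {
    "acct-1001": {"registered_email": "Owner@Example.com"},
}


@dataclass
class Outbox:
    """Records (account_id, destination, token) for every reset link sent."""
    sent: list = field(default_factory=list)


def _normalize(email: str) -> str:
    """Canonical form used for comparison and delivery."""
    return email.strip().lower()


def _issue_token(account_id: str) -> str:
    """Placeholder: a real system stores a hash of this with expiry and single-use flag."""
    return secrets.token_urlsafe(32)


def send_reset_vulnerable(account_id: str, submitted_email: str, outbox: Outbox):
    """Defective flow: the submitted address is trusted as the delivery target.
    Returns the address the link went to, or None if the account is unknown."""
    if account_id not in ACCOUNTS:
        return None
    token = _issue_token(account_id)
    outbox.sent.append((account_id, submitted_email, token))
    return submitted_email


def send_reset_fixed(account_id: str, submitted_email: str, outbox: Outbox):
    """Hardened flow: the link only ever goes to the registered address, and only
    when the submitted address matches it after normalization. An unknown account
    and a mismatch produce the same result so the response does not confirm which
    addresses are on file."""
    account = ACCOUNTS.get(account_id)
    if account is None:
        return None
    registered = _normalize(account["registered_email"])
    submitted = _normalize(submitted_email)
    # Constant-time comparison; compare_digest handles differing lengths safely.
    if not hmac.compare_digest(registered.encode(), submitted.encode()):
        return None
    token = _issue_token(account_id)
    outbox.sent.append((account_id, registered, token))
    return registered


def find_misrouted_resets(sent_records):
    """Incident-scoping audit: return (account_id, destination) for every reset link
    whose destination differs from the account's registered email."""
    misrouted = []
    for account_id, destination, _token in sent_records:
        account = ACCOUNTS.get(account_id)
        if account is None:
            continue
        if _normalize(destination) != _normalize(account["registered_email"]):
            misrouted.append((account_id, destination))
    return misrouted


if __name__ == "__main__":
    box = Outbox()
    print(send_reset_vulnerable("acct-1001", "unrelated@example.net", box))
    print(send_reset_fixed("acct-1001", "unrelated@example.net", box))
    print(send_reset_fixed("acct-1001", " owner@example.com ", box))
    print(find_misrouted_resets(box.sent))
```

The audit function is the piece a responder would want first: given the delivery records of the recovery system, it produces the set of accounts whose reset link left for a non-registered address, which is the population that needs forced password invalidation and a re-authentication checkpoint.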