• Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Login
Join Free
Home
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Coming Soon
Job Board
Events
Contact Awards
USMC Deception Manual
Login
Join Free
Home Global Operations

Meta AI Support Flaw Exposed 20,225 Instagram Accounts for Seven Weeks

  • SOFX Staff Writer
  • June 10, 2026
(Credit: Pavel105 / Shutterstock.com)
Share on FacebookShare on TwitterLinkedIn

Meta’s AI-powered account recovery tool allowed unauthorized parties to hijack 20,225 Instagram accounts over approximately seven weeks, the company confirmed in a data breach notice filed with Maine’s Office of the Attorney General.

High Touch Support (HTS), an AI-assisted Instagram account recovery tool, contained a code path bug that failed to verify whether the email address submitted during a recovery request matched the one already linked to the targeted account. Attackers exploited this to redirect password reset links to addresses they controlled. Accounts without two-factor authentication (2FA) were vulnerable.

“Due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,” Amber Hannah, Meta’s associate general counsel for incident response legal, stated in the Maine filing.

The attack also required initiating the recovery session from an IP address matching the target account’s regional location, achievable using a VPN. Exploit instructions circulated on Telegram starting May 31, triggering a wave of reported hijackings. TechCrunch reported that account takeovers continued even after Meta said the issue had been resolved.

Among the compromised accounts were the Obama-era White House, beauty retailer Sephora, and U.S. Space Force Chief Master Sergeant John Bentivegna. Pro-Iranian actors defaced several seized accounts with political imagery. Stolen accounts were subsequently listed for sale on dark web markets.

Meta disabled HTS, invalidated all associated password reset links, and enrolled affected accounts in a mandatory security checkpoint. In a statement to PCMag, the company said the breach “wasn’t due to the AI agent itself.”

Hannah said Meta intends to restore HTS only after fixing authentication to ensure “proper verification of email addresses against existing account information before any password reset is initiated.”

SOFX Staff Writer

SOFX Staff Writer

The Editor Staff at SOFX comprises a diverse, global team of dedicated staff writers and skilled freelancers. Together, they form the backbone of our reporting and content creation.

Subscribe
Login
Notify of
guest
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
ADVERTISEMENT

Trending News

License Plate Readers Move Beyond Plates to Track Phones, Wearables, and Pet Microchips

License Plate Readers Move Beyond Plates to Track Phones, Wearables, and Pet Microchips

by SOFX Staff Writer
June 22, 2026
12

A new surveillance technology could allow law enforcement agencies to track not only vehicles, but also phones, smartwatches, wireless earbuds...

New Map Tool Helps Drivers Dodge License Plate Cameras and Bluetooth Trackers

New Map Tool Helps Drivers Dodge License Plate Cameras and Bluetooth Trackers

by SOFX Staff Writer
June 24, 2026
0

A free open-source website called DeFlock now lets drivers route around automated license plate reader (ALPR) cameras as a surveillance...

SOCOM Study Finds Special Operators Face an 18% Higher Cancer Risk

SOCOM Study Finds Special Operators Face an 18% Higher Cancer Risk

by SOFX Staff Writer
June 26, 2026
0

A U.S. Special Operations Command (SOCOM) study has found that special operations forces (SOF) personnel face an 18% higher cancer...

Iran’s ‘Jellyfish’ Drone Swarm Reveals Tech Leap to Global Military Analysts

Iran’s ‘Jellyfish’ Drone Swarm Reveals Tech Leap to Global Military Analysts

by SOFX Staff Writer
June 25, 2026
0

The F-15E Strike Eagle pilot rescued from Iran in April told U.S. intelligence officials he observed multiple Iranian drones moving...

ADVERTISEMENT
ADVERTISEMENT
Next Post
Army Standardizes Smartphone Mortar Fire Control App Across All Units

Army Standardizes Smartphone Mortar Fire Control App Across All Units

Ukraine Private Air Defense Project Reaches 30 Companies, Downs 20+ Russian Drones

Ukraine Private Air Defense Project Reaches 30 Companies, Downs 20+ Russian Drones

997 Morrison Dr. Suite 200, Charleston, SC 29403

News

  • Global Operations
  • Special Interest
  • Industry
  • Global Operations
  • Special Interest
  • Industry

Resources

  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
No Result
View All Result
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.

Log in to your account

Lost your password?
wpDiscuz