Meta has revealed that over 20,000 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords.
As BleepingComputer reported one week ago, the threat actors exploited a flaw in the company's High Touch Support (HTS) tool, an AI-assisted support system that helps users regain access after being locked out of their Instagram accounts.
Because HTS didn't verify whether a supplied email address was actually associated with the targeted Instagram account, the attackers obtained password reset links that allowed them to log in and hijack accounts that did not have two-factor authentication (2FA) enabled.
After a wave of user reports regarding these attacks hit social media platforms, Andy Stone, Meta's vice president of communications, replied to one of the affected users, stating that the "issue has been resolved, and we are securing impacted accounts."
BleepingComputer also contacted Meta last week for comment on this security breach, but we have yet to hear back.
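The missing check described above, sketched as an added example that is not Meta's code and not part of the original article: a hypothetical support-side reset handler that sends a link only to an address already verified for the account. All names (`VERIFIED_EMAILS`, `reset_unchecked`, `reset_checked`) and the sample accounts are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample data: account -> contact addresses verified at enrollment.
VERIFIED_EMAILS = {
    "alice_ig": {"alice@example.com"},
    "bob_ig": {"bob@example.com", "bob.backup@example.net"},
}

OUTBOX = []      # (recipient, token) pairs a real system would hand to a mailer
AUDIT_LOG = []   # mismatch events for the detection team to review
REPLY = "If the details match, a reset link has been sent."


def normalize(email):
    return email.strip().lower()


def is_on_file(account, email):
    """Compare against every address verified for the account (no early exit)."""
    candidate = normalize(email).encode()
    match = False
    for known in VERIFIED_EMAILS.get(account, ()):
        match |= hmac.compare_digest(candidate, known.encode())
    return match


def reset_unchecked(account, requested_email):
    """The flaw as reported: the link goes wherever the requester asks."""
    OUTBOX.append((normalize(requested_email), secrets.token_urlsafe(32)))
    return REPLY


def reset_checked(account, requested_email):
    """Hardened: only an address already bound to the account receives a link."""
    if is_on_file(account, requested_email):
        OUTBOX.append((normalize(requested_email), secrets.token_urlsafe(32)))
    else:
        # A burst of these events across many accounts is a detection signal.
        AUDIT_LOG.append({"event": "reset_email_mismatch", "account": account})
    # Same reply either way, so the caller cannot probe which addresses are on file.
    return REPLY
```

The hardened handler binds the reset channel to data recorded before the request, which is the property the reported flaw lacked; enabling 2FA remains the account-side control the article notes.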














