Instagram Account Hijacks Expose the Security Risks of AI-Powered Support
Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. Attackers abused Meta’s AI-powered support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. The issue affected several users, including high-profile accounts, before Instagram fixed the flaw. Security researcher Jane Wong and other […]
Attackers abused Meta’s AI-powered support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. The issue affected several users, including high-profile accounts, before Instagram fixed the flaw. Security researcher Jane Wong and other users reported the hack of multiple accounts by exploiting this vulnerability.
“Instagram has resolved a security issue that allowed several users’ accounts to get hacked.” reported TechCrunch.”The attack appeared to rely on tricking Meta’s own AI-powered support chatbot into granting access to a victim’s account.”
Related breach coverage
- Meta AI Hands Over High-Profile Instagram Accounts to Hackers2026-06-02
Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address. The post Meta AI Hands Over High-Profile Instagram Accounts to Hackers appeared first on SecurityWeek.
- Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites2026-05-25
Attackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. Threat actors are actively exploiting a security flaw, tracked as CVE-2026-26980, in Ghost CMS that was fixed months ago in real attacks against unpatched websites. According to Qianxin, the campaign has already affected more than 700 sites, including well-known organizations and […]
- Google Patches Actively Exploited Android Flaw Affecting Millions of Devices2026-06-03
Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in […]
- WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites2026-06-01
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek.