Meta disclosed that more than 20,000 Instagram users had their accounts hijacked after attackers abused its AI-powered High Touch Support (HTS) recovery system to obtain password reset links. The company has disabled the flawed tool, reset affected accounts, and said it will fix the email verification process before relaunching the service. #Meta #Instagram #HighTouchSupport #HTS
Keypoints
- Attackers exploited Metaβs AI-assisted HTS recovery tool to reset Instagram passwords.
- The flaw let them request reset links without verifying the email address tied to an account.
- Accounts without two-factor authentication were especially vulnerable to takeover.
- Meta said the issue was resolved and impacted accounts were secured.
- The company disabled HTS, revoked reset links, and is reviewing similar recovery flows.