ctipilot.ch

Meta Instagram AI support tool (High Touch Support) logic flaw: 20,225 account takeovers; Maine AG notified

incident · incident:meta-instagram-ai-support-account-takeover

Coverage timeline: 1 (first 2026-06-10 → last 2026-06-10)
Briefs: 1 (1 distinct)
Sources cited: 5 (4 hosts)
Sections touched: 1 (active_threats)
Co-occurring entities: 3 (see Related entities below)

Story timeline

  1. 2026-06-10 · CTI Daily Brief — 2026-06-10
     active_threats: First coverage. In-window delta = 8 June Maine AG breach filing; confused-deputy password-reset bypass; AI-support-automation risk class.

Where this entity is cited

  • active_threats: 1

Source distribution

  • bleepingcomputer.com: 2 (40%)
  • krebsonsecurity.com: 1 (20%)
  • securityaffairs.com: 1 (20%)
  • techcrunch.com: 1 (20%)

Related entities

Items in briefs about Meta Instagram AI support tool (High Touch Support) logic flaw: 20,225 account takeovers; Maine AG notified (2)

Meta discloses 20,225 Instagram account takeovers via an AI support-tool logic flaw; Maine AG notification filed 8 June

From CTI Daily Brief — 2026-06-10 · published 2026-06-10

Meta filed a breach notification with the Maine Attorney General on 8 June disclosing that a logic flaw in its AI-assisted account-recovery tool ("High Touch Support") allowed unauthorised actors to hijack 20,225 Instagram accounts between 17 April and 31 May 2026 (BleepingComputer, 2026-06-08). A separate code path failed to verify that the email address supplied with a reset request matched the account's registered address, so the reset link was sent to the attacker-provided address — a confused-deputy bypass requiring no prior knowledge of the victim's email, phone or password (Security Affairs, 2026-06-08). Accounts with two-factor authentication enabled were protected from full takeover even when the reset link was obtained. Meta disabled the tool on discovery (31 May), invalidated pending reset links, and will notify affected users on 19 June.

Why it matters to us: this is the AI-support-automation risk class in practice — a "helpful" AI workflow induced to act on attacker-supplied identity claims without cross-checking authoritative records (T1078, T1556). Organisations deploying AI help-desk or self-service account-recovery tools should audit whether the AI decision path can be steered by attacker-controlled email or identity input, and enforce 2FA so that a password-reset bypass alone does not yield takeover.

Attackers social-engineer Meta's AI support chatbot into resetting Instagram passwords

From CTI Daily Brief — 2026-06-02 · published 2026-06-02

Over the weekend of 31 May–1 June, instructions circulated on Telegram showing how to coax Meta's conversational "AI support assistant" into linking an attacker-controlled email to a target Instagram account and triggering a password reset, bypassing Instagram's normal account-recovery friction (Krebs on Security, 2026-06-01 · TechCrunch, 2026-06-01). Pro-Iranian actors used the method to briefly deface high-profile accounts, including the archived Obama White House handle and that of the Chief Master Sergeant of the U.S. Space Force. The exploit reportedly failed against any account with MFA enabled; Meta said the issue was resolved by 1 June.

Defender takeaway: This is an emerging attack class, not a one-off — an AI support agent able to modify account credentials or recovery linkages without re-challenging the currently registered second factor punctures the account's MFA envelope from the support-channel direction. Any organisation deploying AI for account-recovery or helpdesk workflows should scope those agents to read-only actions and require out-of-band challenge to existing registered methods before any credential or recovery change.
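Both briefs above describe the same control gap: a recovery path that treats a caller-supplied email as authoritative and changes credentials or recovery linkages without re-challenging the registered second factor. The following is an added example written for this page, not Meta's code and not derived from the flawed tool; the account store, helper names, token format and outbox are constructed assumptions. It places the flawed pattern (supplied address becomes the delivery address) beside a hardened handler that cross-checks the claim against the record, delivers only to the registered address, and gates both reset completion and recovery-contact changes on the existing registered method.

```python
"""Added example (not Meta's code): two account-recovery code paths.

vulnerable_request_reset reproduces the logic-flaw class described in the
briefs above. hardened_request_reset, complete_reset and
change_recovery_email show the controls the briefs recommend: verify identity
claims against the authoritative record and re-challenge the registered
method before any credential or recovery change. All data is constructed.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    registered_email: str      # authoritative contact on record
    mfa_enrolled: bool
    pending_resets: dict = field(default_factory=dict)  # token -> delivery address


def make_store():
    """Constructed sample accounts; not real users."""
    return {
        "alice": Account("alice", "alice@example.invalid", mfa_enrolled=False),
        "bob": Account("bob", "bob@example.invalid", mfa_enrolled=True),
    }


def _same_address(claimed: str, on_record: str) -> bool:
    # Normalise whitespace and case, then compare in constant time so the
    # check does not leak how much of the registered address matched.
    return hmac.compare_digest(claimed.strip().lower().encode(),
                               on_record.strip().lower().encode())


def vulnerable_request_reset(store, username, supplied_email):
    """Flawed path: the address in the request becomes the delivery address.

    Anyone who knows the username can have the reset link sent to themselves;
    no knowledge of the registered email, phone or password is needed.
    """
    acct = store[username]
    token = secrets.token_urlsafe(16)
    acct.pending_resets[token] = supplied_email
    return supplied_email, token          # (where the link went, token)


def hardened_request_reset(store, username, supplied_email):
    """Fixed path: the supplied address is a claim to be verified, never a
    destination. The link goes to the address on record, and only when the
    claim matches it. Unknown user and mismatch both return None, so the
    caller learns nothing about the registered address.
    """
    acct = store.get(username)
    if acct is None or not _same_address(supplied_email, acct.registered_email):
        return None
    token = secrets.token_urlsafe(16)
    acct.pending_resets[token] = acct.registered_email
    return acct.registered_email, token


def complete_reset(store, username, token, second_factor_ok):
    """Consume a reset token. MFA-enrolled accounts must also pass the
    second-factor challenge, so an obtained link alone is not a takeover."""
    acct = store[username]
    if token not in acct.pending_resets:
        return False
    if acct.mfa_enrolled and not second_factor_ok:
        return False
    del acct.pending_resets[token]       # single use
    return True


def change_recovery_email(store, username, new_email, challenge_ok):
    """Recovery-linkage changes pass the same out-of-band gate: a challenge
    to the currently registered method (second factor, or the existing
    address for accounts without MFA) must succeed before the record moves."""
    acct = store[username]
    if not challenge_ok:
        return False
    acct.registered_email = new_email
    return True


if __name__ == "__main__":
    store = make_store()
    print("vulnerable path delivered to:",
          vulnerable_request_reset(store, "alice", "attacker@example.invalid")[0])
    print("hardened path result:",
          hardened_request_reset(store, "alice", "attacker@example.invalid"))
```

The hardened handler returns the same `None` for an unknown username and for a non-matching address; a distinguishable error would turn the recovery endpoint into an oracle for registered contact details. Gating `change_recovery_email` on the existing method rather than on the new one is the point of the second brief: the challenge must go to what is already on record, since the new linkage is exactly what an attacker controls.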