Meta disclosed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system. A vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on these accounts. HTS is an AI-assisted system designed to help users regain access to locked Instagram accounts.
Meta disclosed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system. A vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on these accounts.
HTS is an AI-assisted system designed to help users regain access to locked Instagram accounts. Users typically request password reset links through this support workflow when they lose access. This critical flaw enabled the widespread hijacking.
The incident highlights the risks associated with AI-powered support systems if not properly secured.