A zero-auth password reset exploit on Instagram has been discovered, enabling attackers to bypass all authentication steps. The attack begins with a user's public username, with the request routed through a VPN so that it appears to come from a local location. Attackers then deceive Meta's support AI into sending verification codes to an email address they control. No validation occurs to confirm that the email address belongs to the user. Once the code is sent, the attacker retrieves it and completes the reset. This is the first known zero-auth reset in production. The exploit relies on AI behavior, not user credentials, making it particularly dangerous for high-profile accounts like the Obama White House.
Summary by ByteBrief