Summary
Key Points:
- Over 20,000 Instagram accounts were hijacked due to a vulnerability in Meta's AI-assisted High Touch Support (HTS) tool, which failed to verify email addresses during password resets.
- Attackers exploited this flaw to gain unauthorized access without two-factor authentication, potentially compromising personal information such as contact details, social media content, and account activity.
- Meta has disabled the HTS system, enrolled affected accounts in mandatory security checks, and mandated password resets for impacted users. They plan to enhance verification processes before re-launching the tool.
Technical Details: The vulnerability in HTS allowed attackers to bypass authentication checks during password resets, enabling them to hijack accounts without proper verification (CVE not specified).
MITRE ATT&CK Techniques:
- T1078 - Valid Accounts (Initial Access)
- T1190 - Exploit Public-Facing Application (Initial Access)
IOCs Mentioned: None