logo

Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts

ID: ac3fff72-3d00-5f81-9368-ebb5494627eb

STIX ID: report--ac3fff72-3d00-5f81-9368-ebb5494627eb

Feed Name: TechRepublic Security

Threat Score
72/100

Date Published: 2026-06-09

Date Updated: 2026-06-09

Author: Joseph Ofonagoro

...
...

Meta disclosed a flaw in its AI-assisted High Touch Support account-recovery tool that attackers exploited to send password recovery links to attacker-controlled emails, reportedly affecting over 20,000 Instagram accounts; attackers bypassed verification (including animated-image face spoofing and VPN-based geo-spoofing), account takeovers were mainly for accounts without 2FA, and Meta has disabled the tool and is securing affected accounts.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.