pixl97
>Once it looks like the request is coming from the correct region, they tell the Meta support AI that the account is hacked and ask it to send the verification codes to an arbitrary email address they control. Dear Instagram, wtf. Why not send the reset to the account in question? Arbitrary email, wow.
mtoner23
wow that's extremely embarrassing for meta
WhyIsItAlwaysHN
"Social engineering is all you need"
Hugsbox
Jeez, straight up amateur shit. Genuinely hard to believe.
avnfish
The implications of this are quite unsettling. Meta gave an agent privileged read AND write access to user accounts with no human in the loop?
sosodev
Support requests have always been the weakest link in the security chain for big corps. I've had accounts of mine turned over with 2FA disabled by humans before. I guess we shouldn't be surprised that the LLMs are doing the same thing. The simple fact that 2FA can be removed by low level support staff drives me mad. It defeats the whole purpose of the process.
sleepybrett
The only thing worse than a naive customer support rep is an even more naive customer support ai.
king_zee
If the LLM has knowledge of something, by design it can't help but divulge it. When will companies learn granting any kind of sensitive information access to an LLM is a moot point?
tantalor
They're just one tiny step from the AI emailing itself all the account recovery links, and locking out the entire userbase. It might even do that preemptively if it thinks they're going to shut it down.
rd
This happened to my Instagram yesterday night while I was asleep. I don't have a particularly high value username (it's probably worth somewhere in between $300-500), but still incredibly frustrating to deal with. True to the article, I had already enabled 2FA last night and it didn't matter. Thankfully, IG gave me the option of restoring my username when I logged back into my account today.
hbn
It's insane the AI has been provided the tooling to send emails to arbitrary addresses like that. Like, getting it to send a 2FA code at a user's request is one thing. But it should only be able to "hit a button" to send a 2FA email to the address attached to the account, all run with hand-written code. It shouldn't have access to the 2FA code itself, or the message subject, or body, or the recipient address, etc. Why did they give it any of that?!
patmcc
Always a bit illuminating to me how many exploits seem so dumb I'd never even bother to attempt them. You're telling me I can just...ask for the password? And that works?
r721
Related discussion: https://news.ycombinator.com/item?id=48350239
torben-friis
How is this "embarrassing" instead of subject to legal liability? We really need similar rules to other engineering disciplines. If your building falls with people inside, you killed them.
jeffbee
My account, with a 3-letter username worth $$$, got hacked yesterday morning probably by this flow, but I did manage to defend it. I think by far the biggest problem with Instagram/FB/Meta auth flow is that 2FA does nothing. You don't need the 2nd factor to disable it, so attackers can just turn it off. Really stupid! Also, I discovered that many of IG's auth endpoints are just broken. For example you can't change password on web because of CORS, which isn't a transient outage but just a flat out bug. Edited to add: This is just the cherry on top of years of stupid auth flow at IG. I have received tens of thousands of reset links or codes from IG over the years. There used to be a way to put your account on recovery cooldown for a few weeks but they got rid of even that.
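Two design points recur in this thread: hbn's, that the agent should only be able to "hit a button" that sends a code to the address already on the account (never choosing the recipient or seeing the code), and jeffbee's, that disabling 2FA should itself require the second factor. Below is an added example of that shape, not code from the original thread or from Meta; the in-memory account store, the tool names, the `dispatch_tool_call` schema check and the TOTP secret are all constructed assumptions for the demonstration.

```python
"""
Constructed example (not Meta's code): a support-agent tool surface that
cannot leak or redirect a recovery code, plus a 2FA-disable path that
demands the current second factor.  The store, tool names and secret are
assumptions made for this demonstration.
"""
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    account_id: str
    email: str                      # the ONLY address a recovery code may go to
    totp_secret: Optional[bytes]    # None means 2FA is not enrolled
    pending_codes: dict = field(default_factory=dict)  # code -> expiry (epoch)


# Constructed store: one account with 2FA enrolled, one without.
ACCOUNTS = {
    "acct-1": Account("acct-1", "owner@example.com", b"constructed-secret"),
    "acct-2": Account("acct-2", "other@example.com", None),
}

# Record of what actually left the process; the agent never sees this.
SENT_MAIL: list = []   # (recipient, body)


def _deliver(recipient: str, body: str) -> None:
    """Hand-written transport.  Not exposed to the agent at all."""
    SENT_MAIL.append((recipient, body))


def totp(secret: bytes, now: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; stands in for 'the second factor'."""
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


# ---- tools the agent is allowed to call ---------------------------------

def agent_send_recovery_code(account_id: str) -> dict:
    """The 'button'.  Note the signature: no recipient, no subject, no body.
    The code is generated and delivered here; only a status goes back."""
    acct = ACCOUNTS.get(account_id)
    if acct is None:
        return {"status": "no_such_account"}
    code = f"{secrets.randbelow(10 ** 6):06d}"
    acct.pending_codes[code] = time.time() + 600          # 10-minute expiry
    _deliver(acct.email, f"Your recovery code is {code}")
    # A masked hint is enough for the agent to tell the user where to look.
    return {"status": "sent", "recipient_hint": acct.email[:2] + "***"}


def agent_disable_two_factor(account_id: str, second_factor: str,
                             now: Optional[float] = None) -> dict:
    """Turning 2FA off is a privileged change, so it needs the current
    second factor.  A support ticket or a 'my account was hacked' story
    is not a substitute."""
    acct = ACCOUNTS.get(account_id)
    if acct is None:
        return {"status": "no_such_account"}
    if acct.totp_secret is None:
        return {"status": "not_enrolled"}
    if not hmac.compare_digest(second_factor, totp(acct.totp_secret, now)):
        return {"status": "denied", "reason": "second_factor_required"}
    acct.totp_secret = None
    return {"status": "disabled"}


# The agent's entire action surface: tool name -> exact parameter set.
TOOL_SCHEMA = {
    "send_recovery_code": {"account_id"},
    "disable_two_factor": {"account_id", "second_factor"},
}
_TOOL_IMPL = {
    "send_recovery_code": agent_send_recovery_code,
    "disable_two_factor": agent_disable_two_factor,
}


def dispatch_tool_call(name: str, args: dict) -> dict:
    """Gate between model output and code: unknown tools or extra parameters
    (e.g. a 'recipient' the model invented) are rejected, not forwarded."""
    allowed = TOOL_SCHEMA.get(name)
    if allowed is None or set(args) != allowed:
        return {"status": "rejected", "reason": "unknown tool or parameter"}
    return _TOOL_IMPL[name](**args)


if __name__ == "__main__":
    print(dispatch_tool_call("send_recovery_code",
                             {"account_id": "acct-1", "recipient": "anyone@example.net"}))
    print(dispatch_tool_call("send_recovery_code", {"account_id": "acct-1"}))
    print(SENT_MAIL[-1][0])   # always the address on the account
```

The property worth checking in a review is structural, not behavioural: the recipient and the code never appear in any value the model can read or write, and the 2FA-disable path has no branch that skips the second factor, so no amount of persuasive text can reach either.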
alex1138
But I was told that when Zuckerberg bought IG, it wasn't to murder competition in its crib. Instagram "only had 12 employees" so it must be ok
gaflo
Is there any credible primary source for this exploit being real?
theideaofcoffee
What is even the point of having 2FA if it can be so trivially bypassed? Isn't that the whole point that it's sort of a last line of defense? Oftentimes, you can't change simple account settings without having to re-auth and then punch in your code again. Why would something as critical as a suspicious password reset be able to jump ahead of that? Mind boggling. But, I guess that's what happens when you lay off 10% of your people at a time.
buildbot
So the AI agent had privileged access to remove 2FA, ignore the account email, and just hands accounts to whoever asked? Honestly that’s so highly negligent I wonder if the implementation team for that “feature” was intentionally trying to do as much subtle damage to Meta as possible before their inevitable layoff. It’s a shame nobody tried to get it to drop the production table entirely! (mostly joking). Just claim to be a high level SRE solving some critical production bug, the only solution to which is dropping the database.
mvanbaak
It sounds really insane. Too bad there is 0 proof or anything in the article, so I am very skeptical. Without proof etc this is just a very nice doom story.