Instagram High Touch Support password reset security flaw

Vulnerability
Happening score: 50
3 unique sources, 3 articles

Summary

Meta's High Touch Support (HTS) flaw enabled attackers to trigger Instagram password resets, creating account-takeover risk for over 20,000 users and weakening protection for accounts without 2FA. The weakness let unauthorized parties use the recovery flow to obtain reset links for targeted accounts. Meta later said the issue was resolved and that impacted accounts were being secured.

Related Happenings

Instagram account data exposed through Meta HTS recovery flaw

Data Leak
First: 08.06.2026 11:00 Last: 08.06.2026 11:00 Sources 1

How related: Among the data exposed by the security snafu were: contact information (email address and/or phone number); date of birth; social media posts and content (photos, videos, stories); direct messages and communications.

About this happening: **Instagram account data** was exposed after a flaw in **Meta’s High Touch Support (HTS)** recovery flow let unauthorized third parties receive password reset links for **20,225 a...

Meta AI-powered support tools abused in Instagram account recovery flow

Security Tool/Service
First: 02.06.2026 18:47 Last: 02.06.2026 18:47 Sources 1

How related: As BleepingComputer reported one week ago, the threat actors exploited a flaw in the company's High Touch Support (HTS) tool, an AI-assisted support system that helps users regain access after being locked out of their Instagram accounts.

About this happening: **Instagram accounts** were hijacked after attackers abused **Meta’s AI-powered support tools** to pass recovery checks and change the recovery email, creating a direct failure in...

Dashlane personal-plan users' encrypted vault exposure

Data Leak
First: 02.06.2026 06:55 Last: 02.06.2026 06:55 Sources 1

About this happening: On **May 31, 2026**, Dashlane disclosed that an **external brute-force account attack** led to **encrypted vaults** being downloaded for **fewer than 20 personal-plan users**, cre...

Dashlane password manager account lockouts from brute-force attacks

Service Disruption
First: 01.06.2026 21:17 Last: 01.06.2026 21:17 Sources 1

About this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...

Instagram accounts for Obama White House hit by account takeover attack

Incident
First: 01.06.2026 20:32 Last: 01.06.2026 20:32 Sources 1

How related: Meta has revealed that over 20,000 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords.

About this happening: The **Instagram** accounts for the **Obama White House** and the **Chief Master Sergeant of the U.S. Space Force** were briefly **defaced** after attackers abused **Meta’s AI supp...

Timeline

  1. 08.06.2026 09:00 1 article · 11h ago

    Instagram High Touch Support flaw enabled password-reset abuse

    Exploitation Observed

    A breach date filed with Maine's Office of the Attorney General points to April 17, 2026 as the day unauthorized third parties first abused Meta's High Touch Support (HTS) AI-assisted Instagram account recovery flow to obtain password reset links. The flaw let attackers bypass ownership verification for targeted Instagram accounts, creating account-hijacking risk for users without two-factor authentication (2FA) enabled.

  2. 08.06.2026 09:00 4 articles · 11h ago

    Meta discloses Instagram account recovery vulnerability and secures impacted accounts

    Initial Disclosure

    Meta said it discovered on May 31, 2026 that unauthorized third parties had exploited a vulnerability in Instagram's High Touch Support (HTS) AI-assisted account recovery system to perform password resets on user accounts. Meta said it disabled HTS and the reset links it had generated, secured impacted accounts, enrolled potentially stolen accounts in a mandatory security checkpoint, and told affected users to reset their passwords and re-authenticate; a data breach letter filed with Maine's Office of the Attorney General said up to 30 users in the jurisdiction could have been compromised.
