Meta's AI support assistant has been helping hackers get access to high-profile Instagram accounts, according to reports on social media. With no verification check, ‌Meta‌ AI would change the email address associated with an Instagram account, allowing the password to be updated.


‌Meta‌ introduced its AI support assistant back in December with the aim of making it easier for customers to access 24/7 account support. It can be used for reporting scams, getting information on content removal, and resetting passwords. The latter option is what bad actors were able to exploit.

The Instagram vulnerability showed up on social media over the weekend, with demonstrations of the simple steps taken to get access to an account. In one demo, a hacker asks ‌Meta‌'s support bot to change the email address linked to a target Instagram account, and the AI does it without question.

‌Meta‌'s support did not do robust identity verification, and in some cases, it appears it bypassed two-factor authentication. All that was required was a VPN connection set to a location near the target account, which is trivial. ‌Meta‌ appeared to be verifying account ownership based on location. "Our systems recognize the device you usually use and familiar locations better than ever," reads ‌Meta‌'s blog post on its AI support agent. In some cases, users were asked to verify their identity with a selfie, which was bypassed using AI.

For a short period of time, the exploit was available to the public, and account takeovers ramped up. One security researcher said Telegram channels that offer black market Instagram services "made lots of $$$" with ‌Meta‌'s AI. 404 Media said hackers have been aware of the exploit since March.

‌Meta‌ patched the issue over the weekend, and today, ‌Meta‌'s VP of communications Andy Stone said the issue has been fixed. ‌Meta‌ is now "securing impacted accounts."

Information about the Instagram attack vector comes after hackers were able to take over accounts for Sephora, the Chief Master Sergeant of the Space Force, researcher Jane Manchun Wong, developer Albert Renshaw who owned @albert, and the archived Barack Obama White House account. Multiple other users with desirable Instagram handles reported having their accounts taken.

Some users who have had their accounts stolen over the weekend were not able to use the AI to get their accounts back, and there was no option to speak with a human for help.
This article, "Meta AI Support Bot Helped Hackers Hijack Instagram Accounts" first appeared on MacRumors.com

Discuss this article in our forums

Meta is rolling out paid Instagram Plus, Facebook Plus, and WhatsApp Plus plans worldwide as of today.


Instagram Plus is priced at $3.99 per month, Facebook Plus is priced at $3.99 per month, and WhatsApp Plus is priced at $2.99 per month. According to TechCrunch, the paid plans provide features like profile customization, super reactions, and story insights.

Instagram Plus lets users see how many people have rewatched a Story, and it adds unlimited audience lists for Stories for creating groups other than Close Friends. Users can spotlight a story once a week for extra views, use Super Heart animated reactions, choose custom app icons, add customized fonts to a profile bio, extend a story beyond 24 hours, and search a story viewer list to see who is watching. Subscribers will also be able to post straight to their profiles without having the post show up in their followers' feeds, and they will be able to stealthily "preview" Instagram stories without showing up as a viewer.

Facebook Plus includes most of the same features as Instagram Plus, while WhatsApp Plus includes app themes, custom ringtones, more pinned chats, list customization, and premium stickers.

Meta head of product Naomi Gleit said the company is also exploring new subscription plans for creators and businesses, along with plans for AI users. The new plans are being offered under "Meta One" branding that combines subscription offerings from multiple Meta platforms.

The $7.99 Meta One Plus plan and the $19.99 Meta One Premium plan are aimed at Meta AI users. Both plans unlock higher compute queries, reasoning, and image/video generation, but Premium offers more capacity, including deeper reasoning for complex tasks.

A Meta One Essential plan priced at $14.99 per month is designed for creators and businesses. It includes a verified badge, impersonation protection, better analytics, and a linksheet that lets users link to their online profiles on the web and on other social media networks. The $49.99 Meta One Advanced plan includes the Essential options plus features in the Facebook feed, optimized scheduling tools, notifications when others reuse a creator's content, higher rankings in Instagram and Facebook search, a bolder Follow button on Reels, and automatic follow invitations for people who engage with a creator or brand's content.

Meta is going to start testing the AI Meta One plans in Singapore, Guatemala, and Bolivia next month. The business plans will be tested in Saudi Arabia, Morocco, Thailand, and Bangladesh starting later this week.

Gleit described Meta One as a place that brings Meta subscriptions "together" across all Meta apps. She said Meta's new plans were "just the beginning with a lot more value to come."
This article, "Meta Wants You to Pay for Instagram, Facebook, and WhatsApp Now" first appeared on MacRumors.com

Discuss this article in our forums

Instagram has introduced a new feature called “Instants” which seems to be inspired by Snapchat in that it allows for instant expiring pictures to be sent to people. Like any new feature, some people are going to like it, and some people are going to not like it, and if you happen to find the ... Read More

Meta today announced the launch of Instants, a new image sharing option on the Instagram social network. Instants are ephemeral photos that disappear from Instagram after they're viewed by a user's friends or after a 24-hour period.


Reactions and replies to Instants images show up in DMs instead of on the post. Instants photos are only displayed for a short period, but they are saved to a user's archive for a year and can be reshared to Stories. Instants cannot be edited, with no option for filters, stickers, or modifications beyond captions. That sets them apart from Stories, which is already an Instagram feature.

Instants is an Instagram feature, but Meta has also developed a standalone Instants companion app "for quicker camera access." The standalone app is a direct competitor to Snapchat, the original ephemeral image social network. The new app can be used for sharing Instants, but on Instagram, users can also share Instants from a new camera option in the Direct Messages section of the app.

Instants can be viewed on Instagram by opening up DMs and tapping on the new Instants box in the bottom right corner of the inbox. Photos can be shared with friends set as close friends, or as mutuals, aka followers that an Instagram user follows back. Instants are not able to be screenshotted or screen recorded, providing privacy features not available with other Instagram image types.

Meta says that Instants are designed for casual, everyday photos. The standalone app is limited to select countries, as Meta says that it is an experiment. Images shared on the Instants app will show up for friends on Instagram, and images shared on Instagram will show up in the Instants app.

Instants on Instagram is available globally starting today, and the app is also available for download in countries where it is supported.
This article, "Meta Launches 'Instants' App for Sharing Disappearing Photos on Instagram" first appeared on MacRumors.com

Discuss this article in our forums

As of today, end-to-end encryption for Instagram direct messages is no longer available. DMs that you send to people on Instagram will no longer feature full encryption, and your conversations are not protected from Meta.


Meta can potentially see what's in messages shared between users on Instagram, and that information can be shared with law enforcement agencies worldwide.

End-to-end encryption has been an opt-in messaging feature on Instagram since 2023, but Meta quietly removed it. Meta told The Guardian earlier this year that it is removing the encryption feature because not enough people adopted it. At the same time, Meta did not turn it on by default, nor did the company alert users that it was an option. Sending an encrypted message required turning it on for each individual conversation by tapping into a buried per-conversation setting. Meta also never rolled the feature out to all Instagram users.

"Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months," Meta said. Meta suggests that people who want end-to-end encryption should use WhatsApp, which is another messaging app that it owns. iMessage and other apps like Signal that are not Meta-owned also offer end-to-end encryption.

Law enforcement agencies and child safety advocates have long pushed for Meta to remove encryption, but Meta could also be getting something out of the feature's removal. It's possible the company will be able to use direct messaging content for advertising algorithms or training chatbots. Meta says that content in DMs is not used for targeted ads right now, but there is wording that allows for product improvement.

Meta's decision to remove Instagram's end-to-end encryption comes 11 days before the Take It Down Act takes effect. The actf will require platforms to remove non-consensual intimate imagery like deepfakes within 48 hours of a takedown notice, but with E2EE in place, Meta can't access the content needed to comply.

Instagram users who have end-to-end encrypted chats have been given instructions on how to download media or messages that they want to keep.

Last year, Meta started using private generative AI conversations to personalize content and customize ad recommendations for Facebook, Instagram, WhatsApp, and Messenger users, so there seems to be little limit on the data that it will use to generate revenue. WhatsApp and Messenger continue to have end-to-end encryption for the time being.
This article, "Warning: Instagram DMs Lose End-to-End Encryption Starting Today" first appeared on MacRumors.com

Discuss this article in our forums

Apple Creator Studio now has an official Instagram account, as spotted by Scott Buscemi.


Apple Creator Studio is a new subscription bundle that provides access to Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage on the Mac and/or iPad, with U.S. pricing set at $12.99 per month or $129 per year.

A subscription also unlocks "intelligent features" and "premium content" in apps like Numbers, Pages, and Keynote, plus the Freeform app later this year.

If you are interested in Apple's creative apps, you may wish to follow the account, which will presumably share tips and tricks and more.
This article, "You Can Now Follow Apple Creator Studio on Instagram" first appeared on MacRumors.com

Discuss this article in our forums