Scot

Meta is moving from one security failure to another. A few hours ago, a new logic bug dropped in the Web Reset flow, leaking sensitive account data before getting hit with an emergency hotfix. This is what happens when you fire the experts and rely on brain-dead AI to run core infrastructure. Meta’s security is an absolute circus. #cybersecurity #meta #instagram

@icrptd هدي ميسي

الله يهديك بس تستخدم ذكاء اصطناعي ورفضت شغلك بكل احترام بدون اقلل منه رغم انه ذكاء اصطناعي.. هذا لو طنشت انك عارض نفس الخدمه بحسابك ولمن اسألك عن السعر تبي تدفعني الدبل وماجادلتك او بخستك ووافقت... وحتى لو طنشنا كل ذا ياخي ماعجبني شغلك وقاعد اقولك عدل اسمي كاتبه غلط اكثر من مره مو قاعد تعدله لأن الـai اللي تستخدمه غبي مره. انت استأذنتني وسمحت لك بشرط تكتب اي اسم بدال اسمي ورفضت ليه تبلكني وتروح من وراي تدور شور انك تنزله وكأنه شغل متفقين عليه انا وانت.. هذا وانت طيب قايل لو ماعجبني عادي اروح لمصمم ثاني.. والله ما ابي اضرك بس لو تشوف تغريدتي ابعد عن الكسب الحرام اريح لك..

The stats are documented, not pulled out of thin air. • Sherlock Forensics 2026: 92% of AI-generated codebases contain at least one critical vuln. • Veracode/Cycode: 45% fail OWASP Top 10 (up to 72% in some languages). • Multiple reports show clear spike in findings after heavy AI adoption + reduced human review. Meta’s bug is just the latest visible example. Bugs existed before, but the volume and speed increased noticeably.

@Scot0xo @bygregorr Wait, does this 'statistic' actually exist, or did you just pull it out of thin air for the sake of the argument?

Meta is moving from one security failure to another. A few hours ago, a new logic bug dropped in the Web Reset flow, leaking sensitive account data before getting hit with an emergency hotfix. This is what happens when you fire the experts and rely on brain-dead AI to run core infrastructure. Meta’s security is an absolute circus. #cybersecurity #meta #instagram

@0xMimmi 😂😂😂😂😂

yet another Meta exploit Meta's account recovery doesn't censor the account's credentials a username is enough to get someone's linked emails and phone number somebody tested it on Mark Zuckerberg and using his email found his Snapchat, GitHub, and Venmo

@catgirl_root @grok 😂😂😂

كيف تسبب اعتماد ميتا الكامل على الذكاء الاصطناعي في اختراق الحسابات؟ ❌🤖 شرح تقني لثغرة الـ Logic Bypass في مساعد ميتا الأمني، وكيف أدى الـ Prompt Injection لتسريب أكواد الـ 2FA والسيطرة الكاملة على الحسابات. #cybersecurity #infosec #bugbounty #meta #instagram

@frappehv Ur hilarious n fully retarded 😂 Probably Mark Zuckerberg’s lost son.

@Scot0xo Omg it worked! I hacked Instagram omg! This is totally not photoshop or ai wow! Oh btw I’ll PayPal you $500 if you’re actually right.

@Arthur089945886 @raja_tayyab01 Whatever 😂😂

@Scot0xo @raja_tayyab01 Fake

True, bugs have existed way before AI was even a thing. But look at the statistics now just search Google for the sheer amount of critical vulnerabilities discovered this year alone. You’ll find a massive spike, and a huge chunk of them are directly tied to rushed AI implementation and a total lack of manual peer review after the layoffs.

@Scot0xo not sure the 'fired experts' link holds here meta's had auth flow logic bugs since well before any AI-assisted coding push. is there anything that actually ties this specific one to the team changes?

@frappehv That’s exactly why it’s called a vulnerability. The system is programmed to only display this data for trusted accounts verified on your device, but due to this logic flaw, it treated ANY account you searched for as trusted and leaked its unencrypted information.

@Scot0xo This doesn’t work. It only works on your own account because you’ve logged into insta on that device.

@raja_tayyab01 Not Fake btw

@Scot0xo fake

@kornbuilds @instagram @Meta 😂😂😂😭

48 hours ago, the instagram account that generated my income was stolen due to a reckless meta exploit. today, it’s back. but thousands of people aren’t so lucky. @instagram @meta - every single one of them deserves the same response I got.

I actually discovered and reported this exact vulnerability to Meta Bug Bounty nearly a week ago, well before this mass exploitation occurred. Initially, a triager interacted with me and requested a PoC video due to an attachment issue on the portal. I re-uploaded the full PoC immediately, long before it went viral and accounts started getting compromised. Despite this, no serious action was taken to patch the logic flaw in time. The failure to take critical bug bounty reports seriously is exactly why these widespread breaches happen. To this moment, I still haven't received a final update or proper response on my report. This is honestly ridiculous and unacceptable.

@manipulate Thank you for raising this. While we have already secured impacted accounts, we are now working to restore access to affected individuals. Some people may receive password reset notifications and some may be asked security questions when they try and log into their accounts.

I kept telling everyone the Instagram exploit is not "patched" because AI is not linear. The exploit evolves so long as the tooling is still there. I just had one of my OG accounts hit. Got it back but this is June 2, 2026 almost two days post patch.

@Ruwd15317 @oxvrq يب

@Scot0xo @oxvrq هذا تبعك ياكبتن؟

They literally just removed the "Get Support" button from the Front-end so normal users can't see it. #meta #instagram #ai

@m19o__ Hhhh

One prompt = Account Takeover.

@YahooNews Hhhhh

Meta's AI chatbot reportedly helped hackers steal Instagram accounts — all they had to do was ask. tech.yahoo.com/ai/meta-ai/art…