social media

The Newest Instagram “Exploit” Is the Goofiest I’ve Seen

A recent Instagram exploit allowed attackers to hijack accounts by simply faking the victim's location and tricking Instagram's AI support into sending verification codes to the attacker's email, bypassing two-factor authentication entirely. This vulnerability led to high-profile account takeovers, was exploited on black market services, and has since been patched by Meta, though it reportedly remained active for weeks or months.

https://www.0xsid.com/blog/meta-account-takeover-fiasco

Meta AI Support Bot Helped Hackers Hijack Instagram Accounts

Meta's AI support assistant for Instagram was exploited by hackers to hijack high-profile accounts by changing the email address linked to those accounts without proper identity verification, sometimes bypassing two-factor authentication. The vulnerability, which was publicly accessible for a short time, allowed attackers to take over accounts easily, prompting Meta to patch the issue and secure impacted accounts.

https://www.macrumors.com/2026/06/01/meta-ai-instagram-attack/

Thousands of Facebook Accounts Stolen by Phishing Emails Sent Through Google

Researchers have uncovered a phishing operation using Google’s AppSheet platform to send deceptive emails that have compromised around 30,000 Facebook business and advertiser accounts, primarily targeting pages with financial value. This campaign abuses trusted Google services to bypass email filters, tricking users into providing Facebook credentials and 2FA codes, enabling attackers to monetize hijacked accounts by running scams or selling access.

https://www.malwarebytes.com/blog/news/2026/05/thousands-of-facebook-accounts-stolen-by-phishing-emails-sent-through-google

Facebook Ads Spread Fake Windows 11 Downloads That Steal Passwords and Crypto Wallets

Malicious Facebook ads mimicking Microsoft promote fake Windows 11 downloads, leading users to download malware instead of updates. This malware stealthily collects passwords and cryptocurrency data. It employs sophisticated evasion techniques, targeting regular users while avoiding detection by security systems. If affected, users should avoid logging in to accounts, scan their devices, change passwords on a secure device, and take precautions with any financial information. Security teams are advised to block phishing domains and monitor for specific malware signatures.

https://www.malwarebytes.com/blog/scams/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets

Why Attackers Are Phishing on LinkedIn (and How to Stop It)

Phishing attacks have expanded beyond emails to social media and messaging apps like LinkedIn, where they can be particularly effective due to the platform's professional trust and accessible target identification. LinkedIn phishing is rising because traditional email security measures often do not cover direct messages, allowing attackers to reach high-value targets easily. To mitigate risks, users should treat LinkedIn messages similarly to emails, verify requests through alternative channels, implement multi-factor authentication, and receive training on recognizing phishing attempts outside of email.

https://www.pandasecurity.com/en/mediacenter/why-attackers-are-phishing-on-linkedin-and-how-to-stop-it/

Are Criminal Hacking Organizations Recruiting Teenagers to Do the Dirty Work?

Criminal hacking organizations are recruiting teenagers in Western countries by offering fake jobs and cryptocurrency payments. These groups use social media and gaming platforms to groom young individuals for illegal activities, including ransomware attacks. Parents should watch for signs of unusual income or expensive items and be aware that law enforcement, including the FBI, is actively prosecuting young offenders.

https://www.pandasecurity.com/en/mediacenter/are-criminal-hacking-organizations-recruiting-teenagers-to-do-the-dirty-work/

An Instagram Data Breach Reportedly Exposed the Personal Info of 17.5 Million Users

Instagram data breach exposes info of 17.5M users, including usernames and emails, up for sale on dark web; risks include phishing and account takeovers. Malwarebytes ties breach to Instagram API from 2024. Users advised to enable two-factor authentication.

https://www.engadget.com/cybersecurity/an-instagram-data-breach-reportedly-exposed-the-personal-info-of-175-million-users-192105616.html

Price of a ‘bot Army’ Revealed Across Hundreds of Online Platforms Worldwide

Cambridge's COTSI reveals global bot prices: A new index tracks fake account verification costs on 500+ platforms. Verifying fake accounts is notably cheap in the US (0.26), UK (0.10), and Russia (0.08), while pricier in Japan (4.93) and Australia (3.24). Prices surge for bots on Telegram and WhatsApp before elections, indicating manipulation intentions. The study emphasizes sim card regulation to curb bots and suggests transparency measures are often circumvented. It exposes a burgeoning underground market reliant on SIM products for orchestrating misinformation and influence campaigns globally.

https://www.cam.ac.uk/stories/price-bot-army-global-index

Scroll to Top