
Meta confirms 1000s of Instagram accounts were hacked by abusing its AI chatbot

https://this.weekinsecurity.com/meta-confirms-thousands-of-instagram-accounts-were-hacked-by-abusing-its-ai-chatbot/
39•speckx•1h ago

Comments

toomuchtodo•1h ago
https://www.documentcloud.org/documents/28202858-meta-ai-ag-...

https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2...

sva_•42m ago
> Date(s) Breach Occurred: 04/17/2026

> Date Breach Discovered: 05-31-2026

Cyan488•44m ago
> "The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account," said Meta in its breach notice.

I'm not sure "worked properly" and "as intended" accurately describe this situation.

ludwik•38m ago
I like to dunk on Meta as much as the next guy, but I think this makes sense: deterministic verification like this is not, and should never be, the LLM’s job. The tools it has access to should enforce the permissions layer, ensuring that the LLM can never perform actions the user themselves should not be allowed to perform. In this case, the tool failed to do that.
ofjcihen•38m ago
Maybe they’re communicating exactly what it sounds like and are just owning up to being complete morons?
RobRivera•29m ago
Oh it was a downstream dependency. The tool worked, it was the downstream dependency. Glory to Arstotzka
Cpoll•24m ago
The argument here is that the AI is a glorified input page. The input field asks for your username and email and sends it to a backend function. Such an input page is working as intended.

The problem is when the backend function doesn't verify that the email matches the username.

jgalt212•20m ago
Fair enough. Never trust client-submitted browser form, but always trust LLM-submitted form.
nico•22m ago
That sounds a lot like the justifications Claude and ChatGPT give when confronted about something they did wrong, or when asked to provide a customer support response about software issues
loloquwowndueo•42m ago
This was on hacker news a few days ago (https://news.ycombinator.com/item?id=48359102) - description of the “hack”, not the cockamamie confirmation by Meta.
rvz•11m ago
If this was a bank that had zero humans and the AI chatbot was abused to hand over sensitive information about their customers which led to this disaster, people would never trust their bank ever again and leave.

Meta believes that they can vibe-code their reputation down the drain by removing humans in the loop.

Applying a technical solution to a social problem almost always ends in disasters like this.

Reputation can’t be vibe-coded.

totetsu•9m ago
Then ‘The tool itself’ was not appropriate to the job in the first place
laweijfmvo•8m ago
so how long was the bug there? was there a way to access it before/without the support agent? it feels like Meta will throw anything under the bus to redirect blame from the AI, because that would be the end of their $600B (depending on “which number you want to go with”) experiment
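
The server-side check that the comments by ludwik and Cpoll describe, sketched as an added example that is not part of the thread and is not Meta's code. The account store, function name, reply text and outbox are hypothetical stand-ins; the point is that the tool itself rejects a mismatched email no matter whether a web form or an LLM agent calls it.

```python
import hmac
import secrets

# Constructed sample account store; usernames and addresses are hypothetical.
ACCOUNTS = {
    "alice": {"email": "alice@example.com"},
    "bob": {"email": "bob@example.org"},
}

OUTBOX = []  # stands in for a mail service: (recipient, token) pairs

GENERIC_REPLY = "If the details match an account, a reset link has been sent."


def _normalize(email):
    # Compare addresses case-insensitively and ignore surrounding whitespace.
    return email.strip().lower()


def request_password_reset(username, claimed_email):
    """Tool entry point. Both arguments are untrusted input, whether they
    arrive from a browser form or from an LLM agent's tool call."""
    account = ACCOUNTS.get(username.strip().lower())
    # Unknown users get a dummy address so the comparison still runs.
    on_file = account["email"] if account else "invalid@invalid.invalid"
    matches = hmac.compare_digest(
        _normalize(claimed_email).encode(), _normalize(on_file).encode()
    )
    if account is not None and matches:
        # The link goes to the address on file, never to the caller-supplied one.
        OUTBOX.append((account["email"], secrets.token_urlsafe(32)))
    # Same reply in every case, so the caller cannot tell which check failed.
    return GENERIC_REPLY
```
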
