This simultaneously seems like: 1) such an obvious attack vector that it is extreme negligence to not have had planned for appropriate security protections against this, and 2) the most obvious outcome for Meta to be this security lax and stupid. If it doesn't hurt their ad sales, it doesn't matter to Meta.

Instagram auth flow is still hosed as I write this. If I try to sign on via web to my account, which was "recovered" yesterday at least 8 times by me and by hackers, I get the most obnoxious recaptcha treatment I've ever seen with 4-6 different pages of "click the motorcycle" where all 16 squares contain motorcycles, and after I deal with that for several minutes it still just hangs on "we will now redirect you".

"Hackers"? No. There's no hacking involved. It's literally just politely asking the bot to send you the login link.

Already on the front page:

The newest Instagram “exploit” is the goofiest I've seen

https://news.ycombinator.com/item?id=48359102 - 180 comments

It might be Zuck who was just exploring his own platforms to see if they all can be destroyed like Metaverse or not

old news https://news.ycombinator.com/item?id=48359102

Have you seen Meta or Instagram AI code? It is horrible. No one understands the whole PyTorch any more.

This is probably a vibe coded feature by someone who had to meet his minimum token quotas.

Or some genius who implemented a "sandbox" and thought that this time, this sandbox will work unlike all other sandboxes in history.

Instagram is of course even worse, since even the Python core developers there use all sorts of hacks. It is not clear if Python is involved in the login system though, but the culture is awful.

I'm still extremely surprised something has not overtaken Instagram in popularity and somehow Meta is still thriving. Shit is nuts.

Did the security engineers leave the building?

Everyone's gonna frame this as "AI is dumb".

And, yes, the current tech is pretty dumb.

But this is a blatant misapplication of the technology in an obviously sensitive use case with an implementation that's so exploitable the people driving it have certainly never heard the term "jailbreak" once in their lives.

Reminds me of a consulting call that I had with a very large internet provider about their new agentic chat support system.

"We're going to start with the request routing layer and move that to AI agents, and then work though the individual services."

I thought it was a wild architectural decision that they would choose to roll every single action that the system handled through an experimental layer. My advice was to start with a safe, repeatable process to validate the effectiveness in the wild, and then expand in the same manner, bringing edges in as they had "solved" the individual implementations.

So, while this is almost the exact opposite of that, choosing a high-value target with real repercussions as their leaf implementation still baffles me. Step zero of any AI integration plan should be prioritization. Companies are routinely failing at this very simple, not-even-technical aspect.