Hackers have been able to obtain Instagram users' personal details using only someone's username, cybersecurity experts say. Days after it was revealed that a loophole allowed attackers to access other people's Instagram accounts using Meta's AI chatbot, experts believe they have found another privacy leak.
Account Recovery Function Exploited
The newsletter International Cyber Digest has claimed that Instagram's account recovery function can be used to gain authenticated access to sensitive information, including email addresses and phone numbers. Testing its theory, the tech security newsletter applied the method to some celebrity accounts and successfully accessed the details of Real Madrid footballer Kylian Mbappé, which revealed he also has a personal TikTok account. Similarly, Cristiano Ronaldo's wife, Georgina Rodríguez, had her information exposed, according to the newsletter.
Cyber Digest posted on X: 'Yet another Meta f***-up: its account recovery function allows unauthenticated access to full account PII, including emails and phone numbers, from just a username. We verified the claim and found social media and wine-app accounts belonging to several public figures.'
Meta Yet to Comment
Meta has been contacted for comment regarding this latest security concern. The development follows last week's revelation that hackers had been tricking Meta's AI chatbot to change other people's passwords. Cybersecurity experts estimated that around 100 high-value accounts were compromised, with some being sold on black market services.
Among those hacked was Barack Obama's now-unused White House Instagram account, which has over 2.4 million followers, as well as former Meta security engineer Jane Manchun Wong. In a post on X, she stated: 'Even my Instagram account got hacked. The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app. Quite concerning.'
Previous Incidents
Meta has since said that the earlier issue involving the AI chatbot has been resolved. However, the new vulnerability reported by International Cyber Digest raises fresh concerns about user privacy on the platform.
For more stories like this, check our news page. Stay tuned for updates as this story develops.
