Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Both ZachXBT and Dark Web Informer confirmed how hackers managed and resold valuable Instagram accounts, including the short handles @hey and @jowo with a “combined market value estimated to exceed $1 million,” according to CyberSec Guru. Such accounts can be valuable even if hackers only keep them for a few days for “soliciting, reselling or counterfeiting,” the security blog said.
A large security hole
CyberSec Guru also described the incident as representing a high level “Second interrupter” problem from computer security, in which a program with elevated permissions is tricked into abusing those permissions on behalf of other less privileged users. But in this case, the “second” was a large model of a language with “a response model that you can shake with words” instead of a “deterministic program” with “hard scripts that you want to bypass with code.”
It is worth remembering that users had easy ways to get protection, even with Meta AI support chatbot is being used. The hackers reported that their hack failed against any accounts they supported multifactor authentication (MFA), including the “lowest MFA option that Instagram offers” in the form of one-time codes sent via SMS, according to KrebsOnSecurity.
But the use still represents a major threat to tech companies and other organizations rushing to deploy AI assistants and elevated permissions that allow them to modify, create, or delete sensitive data. Meta had started it Meta AI Assistant in March 2026 and promises that it “can provide reliable, 24/7 support for any type of support at any time.”
The “minimum” infrastructure required for this to be successful, according to CyberSec Guru, includes “external authentication before account changes…
