I'm not sure "worked properly" and "as intended" accurately describe this situation.
I also can't believe the people who were involved with writing this response from Meta, didn't realize how obviously bad it sounds. It's like there is no humans working and writing there anymore.
Don't know if AI is to blame, but I've used to see these kinds of nonsense post-mortems even in the pre-llm era, and it's always due to some internal fighting ongoing between various departments.
(Usually said jocularly when everyone is at their most upset, e.g. a vacation ruined)
Meta has never been a place for people with empathy to thrive or succeed. They literally enabled a genocide. Despite being warned by internal employees, profits were more important.
I agree with you that in a week nobody will be talking any more, but I'm pretty sure it's a GDPR data breach, and they can have some trouble within EU.
Yeah, they probably don't give a fu.. about EU, but if the response doesn't matter at all why did they spend time on it?
[1]: https://www.documentcloud.org/documents/28202858-meta-ai-ag-...
> The LLM correctly generated tokens according to user input, however due to a bug in a separate code path, the system did not properly verify the email address
> Nginx correctly handled the user requests according to the HTTP standard, however due to a bug in a separate code path, the system did not properly verify the email address
Humans support agents certainly fall prey to social engineering all the time, but I can’t think of a case where it was done on this scale so easily.
Having a support agent likely made it easier to enumerate the vuln, and certainly made it easier to scale out exploitation once it was discovered.
But it’s irrelevant, outside of PR. We know at least THREE bad components to this process and they were constituent parts.
But it's important to acknowledge that there was a 'bug' in an underlying tool and not in the chatbot, and still PIP/fire those responsible for publishing the chatbot and exposed an otherwise internal tool to the public, and not those that introduced the 'bug' to an internal tool.
I continue to believe we could fix a lot of things in the US if we updated the UCC[1] to disallow 'disclaiming liability on software used in a product.'
[1] Universal Commercial Code -- https://www.law.cornell.edu/ucc
If I sell a physical motor (let alone plans for one) I'll have some liability for things like it Not Exploding. If someone buys a dozen of those motors to assemble a tragically unsafe "rollercoaster" of their own design and construction, I'm almost certainly not responsible for any terrifying decapitations.
In other words, most of the world already does not rely on the issuance of "Get Out Of Infinite Liability Free" cards.
To Terr_'s point, if you were publishing open source you would also publish exactly the things you intended it to be used for and anything else would violate your warranty (possibly implied) that it does what the documentation says it does.
There is a huge amount of tort law that covers exactly when it becomes a problem for you the creator vs you the user in your own project. And that liability is also based on once you know something bad could happen you make an effort to notify people[1].
[1] https://www.cpsc.gov/Newsroom/News-Releases/2026/Clorox-Agre...
Nobody's going to be distributing software on the internet for free if the cost of insurance alone precludes that.
Guess what, I'm not liable for the damage. Why? Because I immediately responded once I knew that it could, I made a good effort to warn people who might already have the code of the risk, and I made it clear in the code that this risk is there.
Ever wonder why you get a booklet of warnings when you buy a product with even really stupid things like "Don't clean with gasoline" warnings? That's because once you have discharged your duty to warn you are not longer liable in what happens if someone ignores your warning.
The flip side is also true, you cannot say in your product both "Hey this product does these cool things" and "We don't warrant the product to actually do anything." This is especially true if there is money involved (like your user paid your some $ for the product.) There is always an implied warranty that the thing will do what you says it will do, which exists as long as the user has heeded all your warnings.
No bro - open source and the internet existed long before SV tech parasitism did and will exist long after.
When I reflect back to someone making this argument by saying, "So your argument is that you make your living as a pick pocket, but if pick pocketing is made to be illegal, you won't be able to make a living." Which of course would only be true if they only thing they could do was 'be a pick pocket'. Its a very common rhetorical technique to argue that the status quo cannot be changed. All the arguments that "you'll put all coal miners out of business if you require only green energy" And yet the people, the miners themselves, will likely be fine. The firms might not, but there are other firms that could exist.
This isn't a new problem, or one specific to this web site, although it does get disproportionately hit because so many technology companies saw what Google started in the 2000's and said, "Man there is soooo many ways to get money for this." rather than, "Is this a reasonable way to make money? Sure it is 'perfectly legal' but is it right? Is it moral?" The type of person who thinks that something is "Only illegal if you get caught" is neither moral nor particularly concerned about what is right. And we got a lot of that type.
While the "stochastic parrots" thing is a bit overblown, IME most LLMs tend to surprisingly different responses even without changing the context, especially if they're hallucinating or doing something "wrong".
The problem is when the backend function doesn't verify that the email matches the username.
Or perhaps said different: use the submitted info to identify the account; send any sensitive messages (recovery codes, password resets whatever) to only the contact info on file. If the chat bot can send such email it should do so via an API that sends only to contact info on file for the associated account and not to an email that's provided by the bot.
In principle, it could be designed to do so to handle cases where a new email address has been confirmed out of band, e.g. for an account representing a company or a political office. But that's a relatively unusual situation, not something you'd want to be available to every user writing in. (Even if you had an all-human support department, this sort of functionality would only be available to a select few agents.)
Unless the backend was _also_ vibe-coded, in which case it is still an AI problem.
Don’t read too much into it. Facebook wants to face as little accountability and keep the future class action lawsuit to a minimum.
But when humans handled it, this was not as much as a problem. That is, the humans did the job, because they recognized the need to do that job.
Sure sometimes accounts could get recovered if a human was tricked, but evidently it was easier to trick the LLM in masse than humans.
In fact it's arguably a feature. The ability of support staff to short-circuit nitpicky rules when there's an obvious external validation happening (e.g. you're on the phone with a user who's presenting ID in real time and correlating it with previous use of the account, etc...) makes for better data quality and happier customers.
Obviously, yes, you can then human-engineer an authentication breach. But that was very difficult, because people are "common-sense careful" in a way we haven't been able to tease out of AI yet.
P.S. Would you like to have our teenager manage your system too? Terms are reasonable! Of course you accept all liability, so better get a good minder - and no, don’t use an AI as the minder, that just introduces a new failure mode.
The author of the post is close to the author of the AI code on the org chart
> however due to a bug in a separate code path, the system did not properly verify
The author of the post is far from the author of this "code path" on the org chart
What I gather is that this internal tool was used by human support agents, and it was their responsibility to verify the email adresses and general validity of a claim.
But when implementing AGI TM that was overseen, maybe the oversight in the separate code path was a 'bug', but the mistake was making the chatbot obviously, if the separate code path had a bug, then it had become ossified into a feature, and it was internal, not exposed to the public.
This is an external communication, to save face sure, but if this is the internal excuse, it would be absolutely the wrong RCA and it reads as if the one who made the mistake is not admitting they made their mistake. Which to be honest, just making the mistake is enough to get fired, but not admitting it is enough to get ultra fired.
The compromises allowed the hackers to take over the person's entire Instagram and any linked accounts, including obtaining contact information, dates of birth, and profile information, as well as the ability to access the person's posts, direct messages, and account activity [...]
the hacks began around April 17 and lasted until this week [...]"
This is staggering.
Meta in a fair world should be forced to financially compensate these people. They built a world where many people basically have to use their products for their jobs and then failed to look after the data because they wanted to replace customer support with a vibe coded AI tool.
It's not that the breach isn't bad, or that Meta is a sympathetic company. It's bad and they're not. I just find it hard to feel outraged about this particular incident affected 1 out of every 10k users of a social media site when we live in a world with citizen's united, qualified immunity, and $300 insulin.
Meta plays fast and loose rushing in unsupervised vibeslop agents to save a penny. They should be significantly penalized for such a massive failure, particularly for how long this exploit was live and for how the victims were unable to get in contact with any human at Meta to restore their account.
You must live in Monaco.
Wikipedia has the United States #80.
https://en.wikipedia.org/wiki/List_of_countries_by_traffic-r...
Company ignores ADR? Sure, now you can go through the legal route and spend copious amounts of money all because a multi billion dollar company knows the game and how to navigate the bureaucratic mess better than you.
(If anyone at Meta/Instagram sees this I wrote a brief blog post with the details. Please help! https://addisonwebb.com/blog/2026-06-05-Can%20Someone%20at%2... )
Meta requires the main account to be created for a person, not a product, business, or non-human entity. That's why you got hit with the "Please confirm you are a human" confirmation and then the account was locked for violating community standards, which require primary accounts to be people.
The community standards page in the links they sent you are pretty dense and it's easy to think you're not violating anything if you're not posting adult content and the other obvious categories. This is the section you violated:
> Create an account that represents a non-human entity, such as a business, pet, or fictional character
You have to follow the steps to set up a business page from your personal account. Sorry you didn't know this before going through the process, but it's important to read the proper channels for setting up business pages on all of the social media platforms these days. They're all dealing with an onslaught of spam and scam pages and they're under a lot of pressure to keep them out.
This is exactly why Meta and other large companies need to be regulated with anti-trust regulations really soon. This whole "whoops sorry you didn't know, but it's a private company" thing only works if there are 5-6 other competitors you can go to that will take your business.
Meta is a de facto monopoly for a lot of small businesses; and should either be broken up or be subject to a ton of utility-style regulation.
If this doesn't work, I'd encourage you to reach out to a brand/ad agency and pay them $100 to ask their meta contact to help you get unblocked. You pretty much have to know someone who knows someone at meta in order to create these.
Tip: Do not post about this on twitter or other platforms - you'll get a ton of automated spam.
Can also try here:
I would not assume those people have contacts with Meta employees. They might have a connection with a contracted worker who does account reviews who is willing to risk their job for a few thousand extra bucks, but I also suspect many of them are just scams. When I scrolled the subforum there were many new accounts claiming to offer 100% success rate for unbans. Easy way to scam desperate people.
And yes I can already hear the reply the “we need it for…” , sure as a company if you feel you need it. As an individual however, it’s time for the next thing. TikTok, Instagram and Twitter are old and worn and not it. Yesterday’s news. Social media couldn’t be less social if they tried.
I would not recommend paying anybody anything for this. The problem was that they tried to create an account for a non-human entity, which is against the rules. You have to have a primary account set up for a person, not a business.
[1]: https://rainermuehlhoff.de/KI-und-der-neue-Faschismus-Reclam...
That's because they require accounts to represent an individual. They're pretty clear that it can't be for a business or a non-human entity. You can set up a professional account from your personal account, but the account has to be for a person.
I'm creating the accounts in Meta Business Suite, so I would have a recourse with my main personal account which can be linked to some adspend, so I'm assuming it will have better support channels than accounts created through an end-user interface.
I used a different email which might have prompted a security review, it was instantly blocked "because it looks like it was created with unauthorized automation", I just clicked on submit a review and it asked for a phone number to verify with a code, and then an ID. I think this is pretty standard, the initial block reason can be whatever, it just works as a de facto way for Meta to manually approve accounts. There's a lot of spam, and scams going on, so it makes sense that they are implementing controls, I for one am happy to differentiate myself from people whose job it is to make multiple accounts and promote fake stories and businesses to scam the elderly or stuff like that.
The only useful reaction to this is to point and laugh.
oh no...Meta what are you doing
...They really ahouldn't have, and I wonder how this will affect all the big AI IPOs. After all, Meta is one of the big players in the space. Surely if they can't do it right, then...
That in turn means three things... it costs a lot of money to have humans look at these tickets, the PR damage from both acting and not acting on such requests can be immense, and users/customers can be anything from the smartest and richest people on the world down to the kind of utter imbeciles whose brains get surpassed by bears [1] or who plainly are not able to write. To make it worse, often enough online services don't have any kind of tie back to some known government-issued ID (either directly or by a proxy such as a mobile phone SIM), there's corruption involved on all levels, and for particularly "juicy" targets the stakes, if they can be converted to a monetary amount at all, can reach into the millions of dollars.
Now, Instagram alone has 3 billion (!) users from across the world, so they are bound to not just having to spend a lot of money on user support (remember, we are talking about the entire world, they also need to deal with about 7.000 (!) actively spoken languages, and having attack targets that are as powerful as US Presidents or as rich as Elon Musk. Clearly, the risk management involved in the entire idea was horribly deficient, but let's not act like this is a trivial problem domain in the first place. And hence the push for AI, simply because it - if done correctly - can take a lot of work off of the first-level support desks for a fraction of the money.
[1] https://velvetshark.com/til/til-smartest-bears-dumbest-touri...
[2] https://www.sapiens.org/language/world-languages-counting-me...
> If we’re going to talk about good software design, we have to talk about Laziness, Impatience, and Hubris, the basis of good software design.
sourced from https://bcantrill.dtrace.org/2026/04/12/the-peril-of-lazines..., where Bryan Cantrill makes the point that:
> The problem is that LLMs inherently lack the virtue of laziness. Work costs nothing to an LLM. LLMs do not feel a need to optimize for their own (or anyone’s) future time, and will happily dump more and more onto a layercake of garbage.
which I think is interesting, albeit somewhat tangential to the current discussion.
Remember the "ChatGPT lazy winter" 2 years ago? (https://hn.algolia.com/?dateRange=all&page=1&prefix=true&que... )
That was truly "lazy", as in "yo... I'm not interested in doing this so I'll half-ass it or just tell someone else to do it".
The kind of "lazy" that is mentioned in your quote is "I don't want to add work to future me's life". I don't think "lazy" is the right word for it.
During development they were likely not thinking of the user experience, nor even the support agent experience, but on their development experience, they asked the LLM to develop the chatbot, and it worked, and the speed was documented and reported upstream so that shareholders invest, if there is any forethought it would go against the narrative of AI becoming the engineer or 100xing productivity.
This is exactly the stupid explanation I expected. Your privacy and security. Meta. Serious Business.
god dang!! we are going to see some juicy stuff
It's like, people abusing an open door. "Guys, just because we left the door open to your bedroom doesn't mean we're responsible".
God can only hope this is a business ending lawsuit.
also this is more like them leaving the keys in the door, then someone comes along, uses the keys, and steals all your stuff.
truthfully, no equipment is actually defective in this scenario eh?
You realize this is the company that enabled a genocide and got away with it? Not to mention accelerating teenager suicides with full knowledge.
Meta believes that they can vibe-code their reputation down the drain by removing humans in the loop.
Applying a technical solution to a social problem almost always ends in disasters like this.
Reputation can’t be vibe-coded.
https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2...
> Date Breach Discovered: 05-31-2026
I've seen some reporting saying exactly that. [0]
It might be a "first-world problem", but having an account lost without appeal can justly be labeled "traumatic", especially if post-COVID it represents a majority of your social (or para-social) life.
[0] https://www.404media.co/hackers-simply-asked-meta-ai-to-give...
Also possibly illegal under GDPR section 22.
People coming in from the street to hang out and rifle through your belongings would still be "abusing" the system according to the law, but it's hard to not consider the landlord somewhat responsible.