I know that HN requests that we don't editorialize the titles, but I feel like the article title for this thread better expresses what's happened at a glance than the "goofy exploit" article.
When the title is too editorial HN staff will fix the title to be more accurate. But probably only if you email hn@ycombinator.com and ask for it! There is too much volume day in and day out to keep up with.
This simultaneously seems like: 1) such an obvious attack vector that it is extreme negligence to not have had planned for appropriate security protections against this, and 2) the most obvious outcome for Meta to be this security lax and stupid. If it doesn't hurt their ad sales, it doesn't matter to Meta.
But this is a blatant misapplication of the technology in an obviously sensitive use case with an implementation that's so exploitable the people driving it have certainly never heard the term "jailbreak" once in their lives.
Reminds me of a consulting call that I had with a very large internet provider about their new agentic chat support system.
"We're going to start with the request routing layer and move that to AI agents, and then work though the individual services."
I thought it was a wild architectural decision that they would choose to roll every single action that the system handled through an experimental layer. My advice was to start with a safe, repeatable process to validate the effectiveness in the wild, and then expand in the same manner, bringing edges in as they had "solved" the individual implementations.
So, while this is almost the exact opposite of that, choosing a high-value target with real repercussions as their leaf implementation still baffles me. Step zero of any AI integration plan should be prioritization. Companies are routinely failing at this very simple, not-even-technical aspect.
Instagram auth flow is still hosed as I write this. If I try to sign on via web to my account, which was "recovered" yesterday at least 8 times by me and by hackers, I get the most obnoxious recaptcha treatment I've ever seen with 4-6 different pages of "click the motorcycle" where all 16 squares contain motorcycles, and after I deal with that for several minutes it still just hangs on "we will now redirect you".
Have you seen Meta or Instagram AI code? It is horrible. No one understands the whole PyTorch any more.
This is probably a vibe coded feature by someone who had to meet his minimum token quotas.
Or some genius who implemented a "sandbox" and thought that this time, this sandbox will work unlike all other sandboxes in history.
Instagram is of course even worse, since even the Python core developers there use all sorts of hacks. It is not clear if Python is involved in the login system though, but the culture is awful.
The newest Instagram “exploit” is the goofiest I've seen
https://news.ycombinator.com/item?id=48359102 - 180 comments
And, yes, the current tech is pretty dumb.
But this is a blatant misapplication of the technology in an obviously sensitive use case with an implementation that's so exploitable the people driving it have certainly never heard the term "jailbreak" once in their lives.
Reminds me of a consulting call that I had with a very large internet provider about their new agentic chat support system.
"We're going to start with the request routing layer and move that to AI agents, and then work though the individual services."
I thought it was a wild architectural decision that they would choose to roll every single action that the system handled through an experimental layer. My advice was to start with a safe, repeatable process to validate the effectiveness in the wild, and then expand in the same manner, bringing edges in as they had "solved" the individual implementations.
So, while this is almost the exact opposite of that, choosing a high-value target with real repercussions as their leaf implementation still baffles me. Step zero of any AI integration plan should be prioritization. Companies are routinely failing at this very simple, not-even-technical aspect.
This is probably a vibe coded feature by someone who had to meet his minimum token quotas.
Or some genius who implemented a "sandbox" and thought that this time, this sandbox will work unlike all other sandboxes in history.
Instagram is of course even worse, since even the Python core developers there use all sorts of hacks. It is not clear if Python is involved in the login system though, but the culture is awful.
Kinda like how it ain't "breaking & entering" if you found the victim's diamond necklace in a plastic bin sitting at the curb.
Sounds like exploiting a system to access unauthorized data to me. I'd call it hacking.