Today’s Menu (30-second skim)
- Instagram users got locked out after hackers tricked Meta’s AI support chatbot: a fake recovery path let attackers bind accounts to their own email addresses.
- World Cup ticket scams are already live before kickoff: fake ticket pages and fake login screens are targeting fans before the tournament starts.
- Ultrahuman says hackers accessed customers’ wellness data after employee malware infection: a stolen login gave attackers access to sensitive health-related information.

1) Instagram users got locked out after hackers tricked Meta’s AI support chatbot

What happened (plain English): Hackers found a way to use Meta’s AI support chatbot to make account-recovery changes that helped them take over other people’s Instagram accounts. In the reported attacks, the account got linked to an email address controlled by the attacker, which made it possible to reset the password and lock the real owner out. Meta says it fixed the issue, but reports suggest some users were still seeing fallout afterward. In simple terms, the scam worked because the recovery process trusted the wrong thing.
Why it matters to you: Social media accounts are not just for photos anymore. If someone gets into your Instagram, they can impersonate you, message friends, run scams, or sell the account. Recovery-related attacks are especially nasty because they can defeat a password even when the victim did nothing obviously wrong. One bad support interaction can turn into a full account takeover.
How to protect yourself (do this):
- Turn on two-factor authentication and save your backup codes.
- Check the recovery email and phone number on your account and remove anything you do not recognize.
- If you get an account problem message, open Instagram yourself instead of trusting a support link or chat.
- Use a unique password so one leaked login does not domino into other accounts.
Published: 2026-06-03
Source: TechCrunch

2) World Cup ticket scams are already live before kickoff

What happened (plain English): Security researchers and the FBI warned that fake World Cup websites are already targeting fans before kickoff. The scam ecosystem includes thousands of lookalike FIFA pages, fake ticket checkouts, and bogus login screens. Some of the scams also push pirate streaming apps that can install banking malware, and others push crypto payments so the money is harder to recover. In plain English, criminals are building the same old trap with a fresh sports logo.
Why it matters to you: People get more careless when tickets are scarce and deadlines are short. That is exactly when fake sites work best. If you click the wrong ad or social post, you can lose money, lose access to a ticket account, or hand over payment details to criminals. A rushed purchase is what the scam is counting on.
How to protect yourself (do this):
- Buy tickets only from FIFA’s official site or from sellers you already know are legitimate.
- Type the site address yourself instead of clicking a link in an ad, post, or forwarded message.
- Walk away if a seller wants crypto, gift cards, or a weird payment app.
- Do not install a streaming app just because a link says it is the “official” one.
Published: 2026-06-05
Source: The Hacker News

3) Ultrahuman says hackers accessed customers’ wellness data after employee malware infection

What happened (plain English): Ultrahuman said hackers got into an internal analytics system after malware stole an employee’s login credentials. The company said the exposed information involved wellness data for a small slice of customers. Passwords and payment info were reportedly not exposed, but the incident still involved sensitive health-related data. Even when the breach is smaller than a headline-grabbing mega leak, the data can still be useful to scammers.
Why it matters to you: Health and fitness data can reveal routines, habits, and private details about your day. That makes later phishing or extortion attempts sound more believable because the criminal can reference real personal info. The risk is not just embarrassment – it is also identity abuse and targeted scam attempts. If your app knows a lot about you, thieves may want it for the same reason marketers do.
How to protect yourself (do this):
- Use a unique password for health and fitness apps, and turn on two-factor authentication if available.
- Be skeptical of emails or calls that mention your wearable, sleep data, or account details after a breach.
- Review what personal data your devices collect and delete anything you do not need stored.
- Watch for follow-up messages that pressure you to click, log in, or “verify” anything.
Published: 2026-06-03
Source: TechCrunch

Grandma’s Firewall

This week’s simple rule: Never sign in through a link from an ad, message, or surprise support chat. Open the app or type the website name yourself.
Two scripts you can steal:
- “I am not logging in from this link. I will open the app myself and check there.”
- “If this is really from the company, I can find it on the official website without using your message.”
Share this: Forward it to the person who clicks the first urgent link they see.
Philip | Human In[Security]

