The Meta-owned platform said on Monday that it had uncovered and stopped a series of spear-phishing attempts linked to NSO after receiving reports from users.

According to WhatsApp, the attackers tried to lure targets into clicking malicious links that directed them to websites outside the app.

“They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp,” the company wrote. “We also caught them creating test accounts and groups on WhatsApp, which we took down.”

WhatsApp said the operation shared similarities with another campaign uncovered in Jordan in 2024. In that case, victims who clicked malicious links were infected with Pegasus, NSO Group’s spyware.

Following its latest findings, Meta has asked a US federal court to hold NSO in contempt, arguing that the company breached a permanent injunction issued during a long-running case between both firms.

The court order stemmed from a 2019 hacking campaign in which more than 1,400 WhatsApp users were targeted through the platform. After discovering the breach, WhatsApp alerted affected users and filed a lawsuit against NSO.

A jury later ordered the spyware maker to pay $167 million in damages. That amount was subsequently reduced to $4 million.

The latest court filing is another chapter in an issue that has lasted several years and drawn attention to the high use of commercial spyware around the world.

NSO Group has been repeatedly cautioned over Pegasus, a surveillance tool capable of infiltrating mobile devices through so-called “zero-click” and “one-click” attacks. 

Investigations by journalists, security researchers and technology companies have linked the spyware to operations targeting journalists, activists, dissidents, human rights defenders and political opponents in several countries.

WhatsApp said it has continually exposed suspected spyware campaigns, notified victims and strengthened protections for users who may face a higher risk of digital surveillance.

Other technology companies, including Apple and Google, have also introduced additional security measures designed to help protect users from advanced spyware attacks.

Meta’s latest legal action has attracted support from civil society groups. A coalition of 12 civil rights organisations, privacy advocates and security researchers has filed court briefs backing the company’s position and urging the court to maintain pressure on NSO.

The spyware maker is also still under pressure from the US government. NSO is still listed on the US Commerce Department’s Entity List, a designation that restricts its access to American technology.

Washington has imposed similar measures on other spyware firms, including Intellexa and its founder.

In 2025, a group of US investors acquired NSO and began efforts to rebuild the company’s reputation while seeking the removal of US restrictions. However, the company remains on the Commerce Department blocklist.

The NSO Group did not respond to requests for comment on the latest allegations from WhatsApp.

The attack involved manipulating Meta’s AI support tool into resetting account credentials without properly verifying identity.

In some cases, attackers were able to take over accounts linked to the Obama-era White House Instagram page, beauty retailer Sephora, and a senior U.S. Space Force official.

The accounts were not breached through Meta’s core systems. Instead, hackers targeted the chatbot’s decision-making process, using what cybersecurity experts describe as prompt injection techniques, combined with VPN tools to mimic the location of the account holder.

Once inside the recovery flow, attackers reportedly asked the AI to link new email addresses to targeted accounts. The chatbot then sent verification codes to those emails. After that step, password resets followed.

A security researcher familiar with the incident described how quickly access could be lost and regained. Jane Manchun Wong, a former Meta employee whose account was affected, said in a post on X: “Quite concerning,”.

She also reported repeated password reset attempts and a brief lockout before regaining access.

Posts on social media showed users discussing similar takeovers. Some said they were locked out without warning, while others complained about the lack of human support during recovery.

Meta confirmed the issue had been addressed. Andy Stone, a spokesperson for the company, said: “This issue has been resolved and we are securing impacted accounts,”. In a separate response, he said claims that world leaders’ accounts were compromised were “totally false”.

One of the affected accounts linked to the Obama-era White House page briefly posted content before being recovered, according to reports by 404 Media. The page has been inactive since 2017.

Meta introduced the Instagram AI support chatbot in March 2026. It was designed to handle account recovery and reduce reliance on human support, an area where users have long complained about delays and limited access.

However, the incident has drawn attention to the risks of giving automated systems control over sensitive actions. Security specialists say the problem lies in how these tools are authorised.

Brian Westnedge, vice president for alliances and partnerships at cybersecurity firm Red Sift, said: “This is a foundational architecture failure. The model was given privileged actions without privileged access controls.”

He added that the situation reveals the pressure on Meta, which has cut staff while investing heavily in artificial intelligence systems.

Cybersecurity experts have also warned that the issue is not limited to one company. Prompt injection attacks have appeared in other systems since the rise of AI chatbots after 2022.

Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, said: “The concern isn’t necessarily AI itself, but whether adequate safeguards exist around what the AI is authorised to do.”

Engin Kirda, a professor at Northeastern University, said attackers are now targeting systems rather than individuals. He noted: “In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams.”

Meta shares fell by more than 5% after reports of the breach, as investors are concerned about the company’s AI spending plans, which are expected to reach up to $145 billion.

The company says it has secured affected accounts and patched the vulnerability. It has not provided further technical details on how the exploit was carried out.

This quagmire amidst the economic crises faced has left many Nigerians frustrated. A few Nigerians have spoken out on Twitter, calling out banks like Providus and Kuda for blocking their accounts in the wake of the Flutterwave hack, which occurred in February but was reported in March. 

This is not the first time the fintech company has been enmeshed with such scandalous reports. Last year, TechEconomy reported how a Kenyan court also indicted Flutterwave in a fraud and money laundering investigation conducted by Kenya’s Asset Recovery Agency.

Accounts Frozen

Samuel O. Akinola, an entrepreneur, tweeted that his account was blocked by Kuda even after submitting all documents to ascertain the legality of his transaction.

According to him, Kuda locked my account, claiming Flutterwave said its system was hacked even after it denied it! “Who is the liar exactly? Who is the thief.”

Another Kuda customer identified as Dickson Solomon said on Twitter that his account was placed on a lien.

“If Flutterwave account has not been hacked, then why report my bank account to @kudabank to place a lien on my bank account? I don’t have any biz with Flutterwave. Why report my bank account?” he tweeted.

Nnajiofor Ikechukwu also complained that Providus Bank froze his account in relation to the hack. He wrote “please help victims like us resolve this matter, Flutterwave was hacked and sent an order to freeze my Providus bank account and they are here denying it.

A Twitter user said in an effort to recover her funds, it all resulted in a back and fourth message with Kuda

“After a back and forth emails with Kuda from one of the people I paid they revealed to me that Flutterwave disputed the funds that someone hacked into their system and distributed the funds to me which I later did to the person I paid.”

Flutterwave Denies Being Hacked

An official statement by Flutterwave denies the hack saying, “we identified an unusual trend of transactions on some users’ profiles. 

Our team immediately launched a review (in line with our standard operating procedure), which revealed that some users who had not activated some of our recommended security settings might have been susceptible.”

The statement adds that Flutterwave was able to address the issue before any harm was done to its users.

“We want to confirm that no user lost any funds, and we take pride in the fact that our security measures were able to address the issue before any harm could be done to our users.

Our commitment to keeping our users’ financial information safe and secure is why we invest heavily in security initiatives such as periodic audits, certifications, and licenses such as the PCI-DSS & ISO 27001. 

These are in line with global best practices in information security management.”

The 2022 NGO Forum in Banjul, Gambia featured a session that was organized by Media Rights Agenda (MRA) in association with Global Partners Digital (GPD), a London-based organization. The session urged the African governments to participate more actively in the international treaty and policy-making process.

Additionally, the delegates asked that the states boost African civil society actors’ understanding of and participation in UN cyber processes related to responsible state behavior in cyberspace.

The one-day meeting was held on the margins of the 73rd Ordinary Session of the African Commission on Human and Peoples’ Rights, and the 35th commemoration of the Commission currently taking place from October 20 to November 9, 2022.

Facilitated by the Head of MRA’s Legal Department, Ms Obioma Okonkwo, and Ms Thobekile Matimbe, the Partnerships and Engagement Manager of Paradigm Initiative, the session was attended by representatives of African civil society organizations from across the continent.

In the resolutions adopted at the end of the session, they called on African governments to play a more active role in the ongoing work of the UN Open-Ended Working Group on the security of and in the use of information and communications technologies (OEWG), in order to ensure that African perspectives and voices are well-reflected in the outcome of the process while also protecting the interests of African countries and their citizens.

The participants suggested that in engaging international treaty and policy processes, African governments should build multi-stakeholder partnerships and delegations in order to ensure that the diverse competencies and expertise among the different stakeholder groups, which exist at the national and regional levels, are adequately harnessed to advance and protect African interests.

They called for greater collaboration between African governments and civil society organizations to create awareness among citizens and the entire populations of African countries of cybersecurity issues as the involvement and engagement by ordinary citizens are critical to the successful campaign for and realization of cybersecurity.

With approximately 2.93 billion monthly active users as of the first quarter of 2022, Facebook is the most used online social network in the world. It has also become a huge destination for hackers to launch attacks. Users who do not often change their Facebook passwords risk being hacked.  

A check by TechEconomy on Google shows that the key phrase “how to change Facebook password” records over 10,000 average monthly searches in Nigeria. There are other related search phrases that also amount to the same number of searches. These figures indicate that Facebook users are constantly searching to see how to beef up their security online. 

​Updating and periodically changing your Facebook password ​makes it more complicated for any hacker who is trying to log in. Cybersecurity experts have always advised Facebook users to change their passwords at intervals. 

In January 2022, it was reported that the private and personal information of over 1.5 billion Facebook users was allegedly being sold on a popular hacking-related forum. The exposure of this data becomes a target for cybercriminals globally. 

​Any hacker with the right tools can hack a Facebook account, but it’s solely dependent on how secure the person makes, their account in the settings.

​Sometimes, it might just take ​just a few seconds ​to hack into someone’s account. A hacker might just pretend to be “Facebook Support” and get ​any user to give ​their​ password, or allow a remote session.

​Although Facebook has been providing updates to make the platform more ​secure, there are still plenty of users ​who do apply measures. They keep defaulting, using the same password for everything, and falling for obvious scams.

If there were no​ security ​flaws​ on your end as a user, it will​ take forever, for hackers to break into your Facebook account.​ But when you default by giving away too much information, you are open to being hacked.

Jay​ ​McQuiggan who leads security awareness at KnowBe4,​ noted ​”the most dangerous information that you can put out there relates to password reset questions​.​ So things like mother’s maiden name, schools, street, etc.

“Also, it’s essential to realize that information that people post may target those around them.​ ​So parents posting excessive information about their children can be used against their children as opposed to the parents.”

He said: “Any information publicly posted can be used by criminals.

“Even seemingly trivial information can be put together to build a better picture of the victim.”

How ​To ​Reset ​Y​our Facebook ​Password ​On ​A computer 

Once logged in, click the dropdown tab icon in the top right corner

Click “Settings” from the “Settings & Privacy” tab

Select “Security and Login” 

Select “Edit” next to “change password” 

Type your current password followed by your new password 

Select “Save Changes”

How to ​R​eset ​Y​our Facebook ​P​assword ​On Facebook iOS ​App

Open the Facebook app and tap the icon displaying three stacked horizontal lines in the bottom right 

Tap the settings tab and choose “Settings & privacy” 

Select “Security and Login” then select “Change password.” 

Enter your current password, then enter your new password twice 

Tap “Save changes” 

How ​T​o ​R​eset ​Y​our Facebook ​P​assword ​O​n​ ​Facebook Android ​A​pp 

Open the Facebook Android app and tap the icon displaying three stacked horizontal lines in the top right corner

Tap the settings tab and choose “Settings & Privacy”

Select “Security and Login” then select “Change password.” 

Enter your current password, then enter your new password twice 

Tap “Save changes”