Meta confirms thousands of Instagram accounts were hacked by abusing its AI chatbot
Summary
Meta disclosed a vulnerability in its AI-assisted account recovery that allowed attackers to trigger password resets on Instagram accounts without proper email verification, hijacking thousands of accounts that lacked 2FA. Meta disabled the AI chatbot, removed the exploitable code path, and advised impacted users to reset passwords; the incident underscores the importance of robust recovery controls and MFA for SMBs.