Image: Meta
Hackers likely took over 20,225 Instagram accounts using Meta's AI support chatbot, the company confirmed in a notice filed with the state of Maine. In the notice, spotted earlier by Bleeping Computer, Meta blames a "bug" for the exploit that allowed attackers to hijack accounts without two-factor authentication simply by asking the chatbot for a password reset:
The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user's Instagram …