Meta AI Chatbot Bug Exposed ~20K Instagram Accounts to Hackers
A flaw in Meta's AI chatbot let attackers reset Instagram passwords for months, potentially compromising around 20,000 accounts.
Meta's AI chatbot had a nasty vulnerability — and roughly 20,000 Instagram users paid the price.
According to a notice filed with Maine's Attorney General, Meta disclosed that its Meta AI chatbot could be tricked into resetting passwords on Instagram accounts. The catch: it only worked on accounts without two-factor authentication enabled. The abuse started on April 17 and ran for months before Meta patched it.
Anyone could exploit the bug. No sophisticated hacking required — just the right prompt to fool the chatbot into doing the dirty work. Meta has since fixed the flaw.
The incident highlights a growing concern: AI-powered tools bolted onto existing platforms can introduce entirely new attack surfaces. If your Instagram still lacks 2FA, now would be a great time to fix that.