Meta is notifying at least 20,225 people that their Instagram accounts were taken over by hackers who abused the company's AI chatbot, according to a data breach notice filed with Maine's attorney general and reported in Zack Whittaker's "this week in security" newsletter.
The mechanism was blunt. The chatbot's AI-assisted account recovery flow would perform a password reset on request, and a bug in a separate code path meant the system never checked that the email address supplied by the requester matched the one on the account. Ask for a reset, give your own email, receive the victim's reset link. Only accounts without two-factor authentication were exposed, and Meta maintains "the tool itself worked properly and functioned as intended."
The campaign ran from around April 17 until this week, giving attackers roughly seven weeks of access to victims' messages, contact details and linked accounts. Meta has disabled the chatbot, removed the code path that let it reset accounts, and says it is auditing its other chatbots. It is a clean case study in why agents with account-recovery powers need the same verification discipline as the humans they replace.
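As an added illustration, not Meta's code (the notice does not describe the implementation), here is a minimal reset handler with the shape of the flaw described above beside its hardened form; the account names, addresses and in-memory store are constructed for the demo, and mail sending is replaced by an outbox list so the behaviour can be inspected offline:

```python
import hmac
from dataclasses import dataclass


@dataclass
class Account:
    email: str          # address on record
    mfa_enabled: bool   # whether a second factor is required to finish recovery


# Constructed sample data for the demo; not real accounts.
ACCOUNTS = {
    "victim": Account(email="victim@example.com", mfa_enabled=False),
    "careful": Account(email="careful@example.com", mfa_enabled=True),
}

# Records (recipient, username, needs_mfa) instead of sending mail.
OUTBOX: list[tuple[str, str, bool]] = []


def reset_vulnerable(username: str, requester_email: str) -> str:
    """The flaw the article describes: the reset link is mailed to the address
    the *requester* supplies and is never compared with the one on record."""
    account = ACCOUNTS.get(username)
    if account is None:
        return "no such account"   # also leaks whether the username exists
    OUTBOX.append((requester_email, username, False))
    return "reset link sent"


def reset_hardened(username: str, requester_email: str) -> str:
    """Hardened form: the requester's address is only a claim to be checked,
    the link goes solely to the address on record, MFA accounts still owe a
    second factor before the link is honoured, and every reply is identical
    so the endpoint cannot be used to enumerate usernames or addresses."""
    account = ACCOUNTS.get(username)
    if account is not None:
        # Case-folded comparison as a simplification; a real deployment would
        # canonicalise addresses exactly as it did at registration. Encoded to
        # bytes so compare_digest accepts any Unicode input.
        on_record = account.email.casefold().encode()
        claimed = requester_email.casefold().encode()
        if hmac.compare_digest(on_record, claimed):
            OUTBOX.append((account.email, username, account.mfa_enabled))
    return "if that address is on file, a reset link has been sent"
```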