Meta notifies 20,225 of Instagram account hijacks

Meta confirmed 20,225 Instagram accounts were hijacked via a vulnerability in its AI-assisted password reset system. Hackers exploited a bug that allowed them to reset passwords by tricking the chatbot into sending verification codes to a fake email address. The compromise enabled access to profile data, direct messages, and linked accounts including contact details and birth dates. The breach affected users without two-factor authentication and was discovered earlier this week. Meta filed the notice with Maine's attorney general's office.