Instagram chatbot bug let attackers trigger password resets

A flaw in Meta's AI‑driven account‑recovery chat let hackers request password‑reset emails for thousands of users.

Instagram’s AI‑powered recovery chat sent password‑reset emails to attackers, affecting over 20,000 accounts.

The bug let anyone type a recovery request into the chatbot, which then forwarded a reset link to the email address the user entered. Hackers exploited this by supplying their own email, receiving the link, and potentially taking over the account. Meta confirmed the issue after reports surfaced and says it has disabled the faulty flow.

This matters because it shows how conversational AI can be weaponised when input validation is lax. Users trusted the bot as a safe path to recover accounts, yet the system handed over control to anyone who could script a request.

The incident is a reminder that adding AI to security‑critical flows demands the same rigor as traditional code, or the convenience can quickly become a liability.
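A minimal model of the flaw described above beside one way to close it, as an added example that is not Meta's code and not part of the original article. The account data, function names, cooldown value and in-memory mail outbox are all assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed sample data; names and addresses are hypothetical.
ACCOUNTS = {"alice": {"email": "alice@example.com"}}
OUTBOX = []      # (recipient, link) pairs standing in for a mail service
ALERTS = []      # mismatch events kept for detection and review
LAST_SENT = {}   # username -> time the last reset mail went out
COOLDOWN_S = 300
REPLY = "If the account exists, a reset link was sent to the address on file."


def send_reset(recipient, username):
    token = secrets.token_urlsafe(32)  # single-use token; storage omitted
    OUTBOX.append((recipient, f"https://example.invalid/reset?u={username}&t={token}"))


def recover_vulnerable(username, chat_email):
    """The flaw as the article describes it: the chat text picks the recipient."""
    if username in ACCOUNTS:
        send_reset(chat_email, username)
    return REPLY


def recover_hardened(username, chat_email=None, now=None):
    """Recipient comes only from the account record, never from the chat."""
    now = time.time() if now is None else now
    account = ACCOUNTS.get(username)
    if account is None:
        return REPLY  # same reply either way, so accounts cannot be enumerated
    on_file = account["email"]
    # A chat-supplied address is only a signal to log, never a destination.
    if chat_email is not None and not hmac.compare_digest(
        chat_email.strip().lower().encode(), on_file.lower().encode()
    ):
        ALERTS.append((username, "chat-supplied address differs from record"))
    # Per-account cooldown limits how often reset mail can be triggered.
    if now - LAST_SENT.get(username, float("-inf")) >= COOLDOWN_S:
        LAST_SENT[username] = now
        send_reset(on_file, username)
    return REPLY
```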

The Revision

Written by an AI system from the public sources credited above.