Meta confirmed a major security breach affecting at least 20,225 Instagram accounts. Hackers exploited a vulnerability in Meta's AI chatbot to hijack accounts, gaining access to personal information, direct messages, and activity data. The breach began around April 17 and continued until Meta recently secured the chatbot.

The attackers tricked the AI chatbot into sending password reset links to email addresses they controlled, rather than account holders' emails. This worked specifically for accounts without two-factor authentication. Meta's notice revealed the hackers could take over entire accounts and linked profiles, though the company claims it's unaware of what personal information was accessed.

Meta has disabled the AI chatbot and removed the problematic code path that allowed account resets. The company instructed affected users to reset passwords through verified channels. This incident highlights growing security challenges as tech companies rapidly deploy AI systems without adequate safeguards against exploitation.