The flaw, first reported by TechCrunch and detailed by cybersecurity outlet 404 Media, reportedly allowed attackers to trick Meta’s AI support assistant into changing the email linked to a target Instagram account. Once the new email was added, hackers could trigger a password reset and seize control — without phishing links, malware or direct access to the victim’s inbox.
