Real case · 2026
An AI password-reset flow let attackers hijack 20,000+ accounts
What happened
At least 20,225 Instagram accounts were compromised through an AI-chatbot password-reset path that failed to verify the requester owned the email. The company framed it as a separate-code-path bug; commenters called it a basic missing test. Good material to build (and fact-check) an article around.
Read the source
What AI property explains this outcome? What would you do differently if you were the designer?