Meta Discloses Instagram Account Recovery Tool Flaw Exposing Over 20,000 Accounts to Password Reset Abuse

Meta disclosed a security incident involving an Instagram account recovery tool flaw that allowed attackers to send unauthorized password reset links to email addresses not associated with targeted accounts. The bug exposed 20,225 user accounts to potential password reset abuse, as stated in a data breach notice filed with the Maine Attorney General’s Office. No specific dates for the incident’s discovery or exploitation were provided, nor were technical details like CVE IDs or attack methodologies disclosed. The impact was limited to the unauthorized distribution of password reset links, though the article did not confirm whether accounts were compromised. The disclosure was reported by Waqas, and Meta Platforms acknowledged the issue affecting the specified number of users.