Cybercriminals were able to receive password reset code to targeted users accounts. They were able to achieve this by tricking MetaAI's support bot through conversation, the bot in return sent reset codes without asking for 2FA directly to the hackers. Meta was able to resolve the security flaw by changing the access the bot has to initiate password resets without strict authorization.
