Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes.

Attackers abused Meta’s AI-powered support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. The issue affected several users, including high-profile accounts, before Instagram fixed the flaw. Security researcher Jane Wong and other users reported that multiple accounts had been hijacked through this vulnerability.

“Instagram has resolved a security issue that allowed several users’ accounts to get hacked,” reported TechCrunch. “The attack appeared to rely on tricking Meta’s own AI-powered support chatbot into granting access to a victim’s account.”

What makes this story remarkable is how little sophistication was required in the attack.

The incident came to light after reports spread across Reddit, X, Telegram, and security circles that Instagram accounts were being hijacked through Meta’s AI-powered support workflow.

Among the affected accounts were the dormant Obama White House Instagram account and the account belonging to U.S. Space Force Chief Master Sergeant John Bentivegna.

Attackers reportedly exploited Meta’s AI support chatbot to hijack Instagram accounts by adding their own email addresses during the password reset process.

The technique, shared on Telegram, was allegedly used to compromise the accounts. The popular cybersecurity journalist Brian Krebs confirmed that the accounts linked to the Obama White House and a senior U.S. Space Force official were briefly defaced with pro-Iranian content. KrebsOnSecurity reported that instructions for exploiting the flaw began circulating widely on Telegram channels on May 31.

According to videos circulated on Telegram and X, attackers didn’t need malware, stolen credentials, or a novel exploit. They allegedly started a password recovery process, used a VPN to appear close to the victim’s usual location and avoid triggering Meta’s automated location-based protections, and then opened a conversation with Meta’s AI Support Assistant.

From there, they simply asked the chatbot to add a new email address to the target account. Once the AI assistant accepted the request, the rest of the process unfolded exactly as designed.

“A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved using a VPN connection with an IP address that is in or near the target’s usual hometown, requesting a password reset for the account, and then choosing to chat with Meta’s AI support assistant,” wrote Krebs. “From there, the video shows the attacker told the bot to link the account in question to a new email address, after which the bot dutifully sent that address a one-time code that allowed a password reset.”

The bot then sent a verification code to the attacker’s email address. The attacker provided that code back to the chatbot, received a password reset option, chose a new password, and took control of the account. At no stage did they need access to the legitimate owner’s email inbox.

TechCrunch verified that the verification code was indeed delivered to the attacker’s publicly visible mailbox shown in the demonstration video.

“TechCrunch was able to verify that the hacker’s public email mailbox, which was displayed in the video, effectively received the verification code,” continues TechCrunch. “The attack relied on the fact that at no point the hacker had to take over the legitimate email address linked to the victims’ Instagram account.”

That’s the uncomfortable part. The attackers didn’t break authentication. They only tricked the support process into working against its own purpose.

On Monday, company spokesperson Andy Stone confirmed that the vulnerability had been resolved and that affected accounts were being secured. The company has not disclosed how many users were impacted.

The incident highlights a broader challenge facing every company rushing to automate customer support with AI. Password recovery, account ownership verification, and identity management are among the most sensitive functions on any platform. Humans can be manipulated through social engineering. AI systems can be manipulated too. The difference is that AI can make the same mistake thousands of times without getting tired, suspicious, or asking a supervisor for help.

There is one practical lesson that stands out. According to reports, the attackers themselves acknowledged that accounts protected by multi-factor authentication largely resisted the technique. In this case, even SMS-based MFA, which security professionals often view as the minimum acceptable option, would likely have blocked the account takeover.
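The recovery sequence described above (reset started, assistant asked to bind a new address, one-time code delivered to that address) and the observation that MFA-protected accounts resisted it can both be modelled as an authorization policy. The following is an added example, not Meta’s code or any reconstruction of it; the class and function names, the `hardened` flag, and the addresses are all hypothetical. The weak policy reproduces the reported behaviour; the hardened policy freezes recovery-contact changes while a reset is pending, delivers codes only to contacts that existed before the reset began, and, under both policies, demands the second factor when one is enrolled. Every denial is written to an audit list, since those are exactly the events a detection pipeline should alert on.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Account:
    username: str
    emails: List[str]                 # contact addresses bound to the account
    mfa_enrolled: bool = False
    reset_pending: bool = False
    contacts_at_reset: Tuple[str, ...] = ()   # snapshot taken when a reset starts


@dataclass
class Decision:
    allowed: bool
    reason: str
    code_sent_to: Optional[str] = None


class RecoveryAuthorizer:
    """Gatekeeper for actions a support-assistant tool call may perform.

    hardened=False mirrors the reported behaviour: an assistant-issued
    'add contact' is honoured mid-reset and the code goes to the new address.
    hardened=True freezes contact changes while a reset is pending and only
    delivers codes to contacts that were bound before the reset started.
    (Hypothetical policy model, not the platform's real implementation.)
    """

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.audit: List[str] = []    # events a detection pipeline would alert on

    def start_reset(self, acct: Account) -> None:
        acct.reset_pending = True
        acct.contacts_at_reset = tuple(acct.emails)
        self.audit.append(f"reset_started user={acct.username}")

    def assistant_add_contact(self, acct: Account, new_email: str) -> Decision:
        if self.hardened and acct.reset_pending:
            self.audit.append(
                f"DENIED add_contact during pending reset user={acct.username} email={new_email}")
            return Decision(False, "recovery contacts are frozen while a reset is pending")
        acct.emails.append(new_email)
        self.audit.append(f"contact_added user={acct.username} email={new_email}")
        return Decision(True, "contact added")

    def send_reset_code(self, acct: Account, to_email: str, mfa_passed: bool = False) -> Decision:
        if not acct.reset_pending:
            return Decision(False, "no reset in progress")
        if to_email not in acct.emails:
            return Decision(False, "address not bound to account")
        # Checked under both policies: reports said MFA-protected accounts resisted the technique.
        if acct.mfa_enrolled and not mfa_passed:
            self.audit.append(f"DENIED reset_code without MFA user={acct.username}")
            return Decision(False, "second factor required before a reset code is issued")
        if self.hardened and to_email not in acct.contacts_at_reset:
            self.audit.append(
                f"DENIED reset_code to contact added mid-reset user={acct.username} email={to_email}")
            return Decision(False, "code may only go to a contact verified before the reset began")
        self.audit.append(f"reset_code_sent user={acct.username} email={to_email}")
        return Decision(True, "code sent", code_sent_to=to_email)


ATTACKER_EMAIL = "attacker@example.net"   # constructed address
OWNER_EMAIL = "owner@example.com"         # constructed address


def replay_reported_flow(hardened: bool, mfa_enrolled: bool = False) -> Tuple[Decision, List[str]]:
    """Reset starts, the assistant is asked to add a foreign email, then a code is requested there."""
    acct = Account("victim", [OWNER_EMAIL], mfa_enrolled=mfa_enrolled)
    auth = RecoveryAuthorizer(hardened)
    auth.start_reset(acct)
    auth.assistant_add_contact(acct, ATTACKER_EMAIL)
    return auth.send_reset_code(acct, ATTACKER_EMAIL), auth.audit


def legitimate_recovery(hardened: bool) -> Decision:
    """The real owner recovering through a contact that predates the reset."""
    acct = Account("victim", [OWNER_EMAIL])
    auth = RecoveryAuthorizer(hardened)
    auth.start_reset(acct)
    return auth.send_reset_code(acct, OWNER_EMAIL)


if __name__ == "__main__":
    for hardened in (False, True):
        decision, audit = replay_reported_flow(hardened)
        print(f"hardened={hardened}: allowed={decision.allowed} ({decision.reason})")
        for line in audit:
            print("   ", line)
```

The design point is the snapshot taken in `start_reset`: once a recovery is in progress, the set of channels that can prove ownership must be fixed, and nothing the assistant does during that conversation may enlarge it. The legitimate owner, whose address predates the reset, still recovers under the hardened policy, so the fix costs nothing in the normal case.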

The bigger question goes beyond Instagram. Every major technology company is embedding AI into support, identity verification, and account recovery workflows. This incident shows that when an AI assistant gains the authority to change account ownership details, it also becomes part of the security perimeter. And security perimeters have a habit of attracting attackers.

Pierluigi Paganini

(SecurityAffairs – hacking, Meta)