https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts

Hackers have successfully exploited a critical vulnerability in Meta’s AI customer support bot to seize control of high-profile Instagram accounts, including those belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force. Instructions detailing the remarkably simple exploit began circulating on Telegram channels on 31 May 2026, accompanied by a video demonstrating how attackers could trick Meta’s AI support assistant into resetting account passwords without proper verification. The technique involved using a VPN connection with an IP address near the target’s usual location, initiating a password reset request, and then manipulating the AI support bot into linking the account to a new email address, after which a one-time reset code was dispatched to the attacker’s chosen address.

Meta moved quickly to contain the damage, confirming on Twitter/X that the issue had been resolved and that affected accounts were being secured. The company pushed an emergency patch over the weekend, with security blog thecybersecguru.com clarifying that no back-end database had been breached. The vulnerability was attributed to Meta’s decision to deploy a conversational AI layer to handle common account recovery workflows, a measure originally intended to reduce friction for legitimate users struggling to regain access to their accounts amid the platform’s notoriously poor human support infrastructure.

AI bots are just as susceptible to social engineering as human support staff, and similar attacks are likely to become far more common. Crucially, the hackers themselves confirmed that their exploit failed against any accounts with multi-factor authentication enabled, so make sure you have MFA set up for all accounts that offer it.
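The recovery flow described above comes down to a support bot being allowed to change an account's contact address on the strength of the conversation alone. The sketch below is an added example, not Meta's code: a server-side gate that decides each action the bot requests from facts the backend has verified. All names (`Account`, `Session`, `authorize`, `replay`) and the sample addresses are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    verified_emails: set
    mfa_enabled: bool = False

@dataclass
class Session:
    # Facts set by backend checks only; nothing said in the chat can change them.
    proved_control_of: set = field(default_factory=set)  # contacts that returned a one-time code
    mfa_passed: bool = False
    ip_near_usual_location: bool = False  # weak signal, never sufficient on its own

def authorize(action, args, account, session):
    """Decide whether an action requested by the support bot may run."""
    if action == "send_reset_code":
        # Reset codes only go to contacts already verified on the account.
        if args["to"] not in account.verified_emails:
            return False, "destination is not a verified contact"
        return True, "ok"
    if action == "link_email":
        if account.mfa_enabled and not session.mfa_passed:
            return False, "MFA challenge not completed"
        if not (session.proved_control_of & account.verified_emails):
            return False, "no proof of control of an existing contact"
        return True, "ok"
    return False, "action not on allow-list"

def replay(account, session, new_email):
    """Replay the reported sequence: link a new address, then send the code to it."""
    decisions = []
    ok, reason = authorize("link_email", {"email": new_email}, account, session)
    decisions.append(("link_email", ok, reason))
    if ok:
        account.verified_emails.add(new_email)
    ok, reason = authorize("send_reset_code", {"to": new_email}, account, session)
    decisions.append(("send_reset_code", ok, reason))
    return decisions

if __name__ == "__main__":
    # Constructed sample data: a session with only a nearby IP, then the real owner.
    nearby = Session(ip_near_usual_location=True)
    print(replay(Account({"owner@example.com"}), nearby, "new@example.net"))
    owner = Session(proved_control_of={"owner@example.com"})
    print(replay(Account({"owner@example.com"}), owner, "new@example.net"))
```

The nearby IP address is recorded but never consulted, so a session that offers only that signal is refused at both steps regardless of what the bot was persuaded to request.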
