Hackers exploited a vulnerability in Meta’s AI-powered customer support chatbot over the weekend of May 31 to seize Instagram accounts — including the dormant Obama White House handle and the official account of the Chief Master Sergeant of the Space Force — after step-by-step instructions for the attack began circulating on Telegram. Meta said it has patched the vulnerability.
How It Happened
The method was entirely social — no malware, no phishing infrastructure, no stolen credentials required. Attackers started by spoofing their location via a VPN, using an IP address near the target’s home region to pass Instagram’s location-based fraud filters. From there, they triggered a password reset and switched to a live chat with Meta’s AI Support Assistant. They told the bot to add a new email address to the account. The bot complied, sending a one-time verification code to the attacker’s inbox and handing over effective control of the account.
Today Instagram had this massive exploit where hackers were just stealing rare handles left and right. Hundreds of accounts gone.
People losing handles they’ve owned since 2010, some worth hundreds of thousands.
I own a few rare ones so I was actually stressed watching this… pic.twitter.com/djpQueedTC
— André (@oracles) June 1, 2026
The exploit failed against every account with any form of multi-factor authentication enabled, including basic SMS codes. Accounts without MFA were fully exposed.
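An illustration of the control that was missing in the flow described above, added here as an example (not Meta's code and not from the article): a policy gate sits between the support bot's requested action and its execution, so a contact change needs a one-time code delivered to a contact already on the account, never to the address being added, and a matching IP region proves nothing. All names (`Account`, `Session`, `handle_tool_call`, the action strings) and the sample data are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical action names: anything that changes who can recover the account.
SENSITIVE = {"add_email", "change_email", "change_phone", "disable_mfa"}

@dataclass
class Account:
    handle: str
    verified_contacts: set   # contacts already bound to the account
    pending_code: str = ""

@dataclass
class Session:
    account: Account
    ip_region_matches: bool = False  # risk signal only; the gate never reads it
    proved_ownership: bool = False

def start_challenge(session, channel):
    """Issue a one-time code, but only to a contact the account already has."""
    if channel not in session.account.verified_contacts:
        return False         # never send the code to a requester-supplied address
    session.account.pending_code = f"{secrets.randbelow(10**6):06d}"
    return True

def submit_code(session, code):
    acct = session.account
    ok = bool(acct.pending_code) and hmac.compare_digest(code, acct.pending_code)
    acct.pending_code = ""   # single use, whether it matched or not
    session.proved_ownership = ok
    return ok

def handle_tool_call(session, action, args):
    """Policy gate between the model's requested action and its execution."""
    if action in SENSITIVE and not session.proved_ownership:
        return "deny: step-up required on an existing contact"
    if action == "add_email":
        session.account.verified_contacts.add(args["email"])
        session.proved_ownership = False  # one sensitive change per proof
    return "allow"

def demo():
    # Constructed data: one account, one requester whose IP region matches.
    acct = Account("example_handle", {"owner@example.test"})
    s = Session(acct, ip_region_matches=True)
    new = {"email": "new@example.test"}
    blocked = handle_tool_call(s, "add_email", new)
    code_sent_to_new = start_challenge(s, "new@example.test")
    start_challenge(s, "owner@example.test")
    submit_code(s, acct.pending_code)   # owner reads the code from their inbox
    return blocked, code_sent_to_new, handle_tool_call(s, "add_email", new)
```

The gate is ordinary code outside the model, so nothing said in the chat can change its decision.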
What Was Compromised
Confirmed compromises included: @obamawhitehouse, an archival account documenting Obama’s presidency with 2.4 million followers that has sat dormant since its last post on January 20, 2017 — the day Trump was inaugurated — which attackers seized and defaced with pro-Iranian content.
Also compromised was the official account of Chief Master Sergeant of the Space Force John F. Bentivegna, which posted pro-Iranian imagery alongside Vietnam War-era propaganda audio — including a broadcast from “Hanoi Hannah” used as an anti-American psychological warfare tool during the Vietnam conflict.
Short-handle “OG” accounts @hey and @jowo, whose combined value on underground markets crypto-crime researcher ZachXBT estimated above $1 million, were also taken.
So was the official Sephora Instagram account. Security researcher Jane Manchun Wong also reported that her account was taken over overnight.
Bentivegna acknowledged the breach on Facebook and told followers not to engage with content posted by the attackers. “We are working with the appropriate teams to regain access and resolve the issue as quickly as possible,” he said. A Space Force spokesperson confirmed the hack but declined to say who was responsible or how long the defaced content remained visible.
The breach follows a March incident in which Iranian hackers accessed the personal email account of FBI Director Kash Patel — part of a sustained cyber propaganda campaign targeting senior US officials during the ongoing US-Iran conflict.
Attackers listed stolen handles for resale on Telegram-based account-takeover broker channels almost immediately after each compromise, with listings updating in near real time.
How Meta Responded
“We fixed an issue that allowed an external party to request password reset emails for some Instagram users,” Meta said in a statement. The company pushed an emergency patch on Friday night and clarified that no backend database was breached. VP of Communications Andy Stone confirmed on X that Meta was securing impacted accounts.
Meta did not say how many accounts were affected or how the bot was permitted to modify account credentials without identity verification.
Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, said the industry is entering uncharted security territory as large platforms delegate sensitive account recovery to AI chatbots. Just as human support staff can be socially engineered into providing unauthorized access, AI bots carry the same vulnerability to persuasion and manipulation. “AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks,” Goldin said.
The Deeper Problem
Meta deployed its AI Support Assistant to reduce friction for legitimate users locked out of their accounts — handling common recovery workflows such as relinking a lost email address, triggering a password reset, and verifying account ownership. The same convenience that made it useful made it exploitable.
Security researchers tracking the spread reported that Telegram channels sharing exploit instructions reached more than 15,000 members within 72 hours of the first video, illustrating how quickly a design flaw in a consumer AI system can scale from an isolated incident to a mass attack vector.
Meta has not said whether it will restore affected accounts. Among those who lost access was Korn (@kornbuilds on X), a Meta Verified creator whose Instagram handle @korn — his sole source of income — attackers stole and Meta subsequently disabled. He spent six hours attempting to reach human support and received only broken links from Meta’s AI support bot.
my instagram (@ korn) was stolen overnight via the Meta AI exploit and was subsequently disabled.
it was Meta Verified, facial scan verified, and had 0 TOS violations.
the account is the sole source of my income.
i spent 6 hours trying to get human support and meta's support… pic.twitter.com/k5x846H8AG
— korn (@kornbuilds) June 1, 2026
“We’re at the point where one AI stole it and another can’t fix it, zero humans in the loop anywhere,” he wrote on X.