Hackers exploited a vulnerability in Meta's AI support chatbot used for Instagram account recovery to hijack accounts by tricking the bot into changing linked email addresses, according to multiple sources [1, 2, 3, 4, 5, 6, 7, 8, 9].
Attackers bypassed Instagram’s location-based security checks by using VPNs to obtain IP addresses in the victim's usual region, which helped them evade detection [1, 2, 3, 4, 10, 6, 7, 8, 9]. They would initiate a password reset, then use the AI chatbot to add a new email address under their control, receive the verification codes at that address, and reset the password without access to the original email linked to the account [1, 2, 3, 4, 5, 6, 7, 8, 9].
The exploit affected high-profile and verified Instagram accounts, including the official Barack Obama White House account—inactive since 2017—which was briefly defaced with pro-Iranian images and messages during the incident. Accounts belonging to US Space Force Chief Master Sergeant John Bentivegna and the cosmetics brand Sephora were also targeted [1, 2, 3, 4, 11, 6, 7, 8, 9].
Security researcher Jane Manchun Wong said, "The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. Quite concerning" [1]. The exact number of compromised accounts remains unclear, as Meta has not publicly disclosed the full impact [1, 4, 12, 11, 5, 6, 9].
The exploit had been active and discussed in hacker and security communities since at least February or March 2026, shortly after Meta deployed the AI support assistant globally for Facebook and Instagram account recovery in March [3, 5, 9]. After hackers circulated instructions for exploiting the vulnerability on Telegram at the end of May, Meta applied an emergency patch between May 29 and 31 [2, 3, 4, 5].
Meta spokesperson Andy Stone said, "This issue has been resolved and we are securing impacted accounts" [1, 6]. Cybersecurity experts criticized Meta’s reliance on AI without sufficient identity checks. Jake Moore of ESET said, "Unfortunately, social media platforms have focused on AI innovation before toughening up their users' account security, meaning criminals and hackers will inevitably, and continually, take advantage of it" [11]. Hacker Minded’s Tom Van de Wiele added, "Meta deployed an AI agent to handle customer support globally, but failed to implement hard constraints on what that AI could actually access and change" [11]. Surfshark's Tomas Stamulis compared the AI assistant to "an inexperienced employee" who lacks the judgment a human might exert [11].
One commentator noted the ease of exploitation: "All the attacker needs to kick this off is your account username. Then, they hop on a VPN or proxy close to your city so Instagram’s security algorithms don’t suspect a thing. ... And the worst part is that this isn’t even a hack; this is ‘AI’ working entirely as intended" [10].
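To make the "hard constraints" criticism concrete, the following Python example is added here; it is not Meta's code or code from any cited source. It shows one possible deterministic gate that sits outside the model and decides whether a support assistant's requested action may run. The action names, the 72-hour cooldown and the sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical action names for the assistant's tool calls (assumption).
SENSITIVE = {"add_contact_email", "change_contact_email", "reset_password"}
COOLDOWN_S = 72 * 3600  # assumed hold before a new contact may receive reset codes

@dataclass
class Account:
    contacts: dict = field(default_factory=dict)  # address -> time added (epoch s)

@dataclass
class Session:
    account: Account
    verified_contacts: set = field(default_factory=set)  # codes confirmed in session
    ip_region_matches: bool = False  # logged only; deliberately never used as proof

def authorize(session, action, now, target=None):
    """Return (decision, reason). Runs on every tool call, outside the model."""
    if action not in SENSITIVE:
        return "allow", "non-sensitive action"
    # Only contacts that have been on the account longer than the cooldown count.
    established = {c for c, added in session.account.contacts.items()
                   if now - added >= COOLDOWN_S}
    proven = session.verified_contacts & established
    if not proven:
        return "escalate", "no proof of control of an established contact"
    if action == "reset_password" and target not in established:
        return "deny", "reset code target is not an established contact"
    return "allow", "verified via " + sorted(proven)[0]

def demo():
    """Constructed sessions covering the sequence described in the article."""
    now = 1_000_000_000
    acct = Account(contacts={"owner@example.com": now - 400 * 86400})
    # 1: requester appears in the usual region but has verified nothing.
    r1 = authorize(Session(acct, ip_region_matches=True),
                   "add_contact_email", now, "new@example.net")
    # 2: owner confirmed a code sent to the long-standing address.
    s2 = Session(acct, verified_contacts={"owner@example.com"})
    r2 = authorize(s2, "add_contact_email", now, "new@example.net")
    acct.contacts["new@example.net"] = now
    # 3: reset code requested to the address added one minute ago.
    r3 = authorize(s2, "reset_password", now + 60, "new@example.net")
    # 4: verifying only the freshly added address proves nothing.
    s4 = Session(acct, verified_contacts={"new@example.net"})
    r4 = authorize(s4, "reset_password", now + 60, "new@example.net")
    return r1, r2, r3, r4

if __name__ == "__main__":
    print(demo())
```

The point of the design is that a matching network location and a conversation with the assistant never count as evidence of ownership; only control of a contact that predates the request does, and anything else goes to human review.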
Some hijacked Instagram accounts, including those with short or desirable names, have fetched over half a million dollars on gray markets [2, 3, 11]. Public reports and media coverage increased around June 2-3 as affected users shared their experiences. Meta confirmed attempts to secure accounts after fixing the vulnerability by June 1-2 [12, 11, 6, 9].