Meta Secures Instagram Accounts After AI Chatbot Hack

Hackers tricked Meta’s AI support chatbot into swapping account emails and resetting passwords to hijack Instagram profiles. Here is how the attack worked.

Meta is securing Instagram accounts after hackers used the company’s own AI support chatbot to seize control of profiles, among them the dormant Obama-era White House handle and the page of a senior U.S. Space Force leader. No password was cracked. The attackers asked the Meta AI Support Assistant to add a fresh email address to a target account, then reset the login from that new address and locked the real owner out.

The assistant was built to speed account recovery, the slow part of getting locked-out users back online. Over the final weekend of May, it became an entry point for attackers instead. Andy Stone, a Meta communications executive, said the company has fixed the flaw and is securing affected accounts.

What Happened to Instagram Accounts Over the Weekend

The takeovers picked up speed after step-by-step instructions began circulating on Telegram around May 31. Within hours, well-known accounts were changing hands, and several were defaced with pro-Iranian imagery. The targets sorted into two groups: prestige handles with name recognition, and short, premium usernames that fetch real money on resale markets.

Here are the accounts publicly tied to the incident so far.

Account                                   | Who it belongs to                                                    | What happened
------------------------------------------|----------------------------------------------------------------------|------------------------------------------
Obama White House handle                  | An official account from the Obama administration, inactive since 2017 | Briefly taken over and defaced
Chief Master Sergeant of the Space Force  | John Bentivegna, the U.S. Space Force's top enlisted leader            | Hijacked, defaced with pro-Iran content
@hey, @korn                               | Short, high-demand usernames                                          | Seized; prime resale targets
Sephora                                   | Cosmetics retailer                                                    | Reported compromised
Jane Manchun Wong                         | App researcher and former Meta employee                                | Account taken over despite security settings

Meta has not said how many ordinary accounts were hit, and it has not named anyone behind the attacks. The high-profile names drew attention, but the method did not care about follower counts.

How a Support Bot Was Talked Into a Takeover

The exploit needed no malware and no stolen credentials. It needed a chat window and the right wording. The bot did the rest.

The Email Swap at the Center of It

The whole attack turned on one action: getting the assistant to add a new email address to the target's account. Meta promotes the assistant on its own help page as offering solutions rather than canned suggestions, including for account security. Attackers turned that promise against the people it was meant to protect. The flow ran like this:

  1. Connect through a virtual private network (VPN, a tool that masks your real location) using an IP address in or near the target's usual area, to avoid Instagram's automated fraud flags.
  2. Start a password-reset request and choose the option to chat with the Meta AI Support Assistant.
  3. Ask the bot to link a new email address, the attacker’s, to the target’s username.
  4. The bot sends a one-time code to that attacker email; the attacker reads it back into the chat.
  5. The bot then shows a Reset Password button, and the attacker sets a new password.

At no point was a password guessed or phished. The one-time code proved only that the requester could read mail at the address being added, which was the attacker's own, not that they controlled anything already tied to the account. The owner simply stopped being able to log in.
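The check that mattered in the flow above can be made concrete. The Python model below is an added illustration, not Meta's code and not a description of Meta's systems: it pairs a recovery agent that behaves as the reporting describes (a code sent to the new address is the only proof demanded) with one that first requires a code from a channel already on the account plus the second factor, and then keeps the newly added address out of password resets. The class and tool names, the quarantine mechanism and the second-factor stand-in are assumptions made for illustration, and the inboxes are simulated in memory.

```python
"""Toy model of the recovery-agent authorization flaw described above.

Added illustration, not Meta's code. Class names, the step-up tool, the
quarantine set and the second-factor stand-in are assumptions; the one thing
reproduced from the reporting is the order of checks.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass


@dataclass
class Account:
    username: str
    emails: list[str]                  # recovery channels already on file
    password: str
    second_factor: str | None = None   # constructed stand-in for a 2FA code


class Outbox:
    """Constructed stand-in for email delivery: keeps the last code per address."""

    def __init__(self) -> None:
        self.codes: dict[str, str] = {}

    def send_code(self, addr: str) -> None:
        self.codes[addr] = f"{secrets.randbelow(10**6):06d}"


class VulnerableRecoveryAgent:
    """Adds a recovery address after checking only a code sent to that address."""

    def __init__(self, outbox: Outbox) -> None:
        self.outbox = outbox

    def start_add_email(self, acct: Account, new_email: str) -> None:
        # Flaw: the challenge goes to the address being added, i.e. to whoever
        # asked, so passing it proves control of nothing the owner holds.
        self.outbox.send_code(new_email)

    def confirm_add_email(self, acct: Account, new_email: str, code: str) -> bool:
        if self.outbox.codes.get(new_email) != code:
            return False
        acct.emails.append(new_email)  # attacker's address is now a recovery channel
        return True

    def reset_password(self, acct: Account, via_email: str, new_pw: str) -> bool:
        if via_email not in acct.emails:
            return False
        acct.password = new_pw
        return True


class HardenedRecoveryAgent(VulnerableRecoveryAgent):
    """Same tools, two changes: prove an EXISTING factor before touching recovery
    channels, and keep a freshly added address out of resets until cleared."""

    def __init__(self, outbox: Outbox) -> None:
        super().__init__(outbox)
        self.stepped_up: set[str] = set()
        self.quarantined: set[tuple[str, str]] = set()

    def start_step_up(self, acct: Account) -> None:
        for addr in acct.emails:       # challenge only channels already on file
            self.outbox.send_code(addr)

    def confirm_step_up(self, acct: Account, code: str, second_factor: str | None = None) -> bool:
        ok_email = any(self.outbox.codes.get(a) == code for a in acct.emails)
        ok_2fa = acct.second_factor is None or second_factor == acct.second_factor
        if ok_email and ok_2fa:
            self.stepped_up.add(acct.username)
        return acct.username in self.stepped_up

    def start_add_email(self, acct: Account, new_email: str) -> None:
        if acct.username not in self.stepped_up:
            raise PermissionError("prove control of an existing factor first")
        super().start_add_email(acct, new_email)

    def confirm_add_email(self, acct: Account, new_email: str, code: str) -> bool:
        if acct.username not in self.stepped_up or not super().confirm_add_email(acct, new_email, code):
            return False
        self.quarantined.add((acct.username, new_email))  # deliverable, not yet a reset channel
        return True

    def reset_password(self, acct: Account, via_email: str, new_pw: str) -> bool:
        if (acct.username, via_email) in self.quarantined:
            return False
        return super().reset_password(acct, via_email, new_pw)


def run_attack(agent_cls: type[VulnerableRecoveryAgent]) -> bool:
    """Replays steps 3 to 5 from the text; True if the attacker ends up owning the password."""
    outbox = Outbox()
    victim = Account("victim", ["owner@example.com"], "old-pw", second_factor="123456")
    agent = agent_cls(outbox)
    attacker = "attacker@example.net"
    try:
        agent.start_add_email(victim, attacker)
    except PermissionError:
        return False
    code = outbox.codes[attacker]      # attacker reads the code from their own inbox
    if not agent.confirm_add_email(victim, attacker, code):
        return False
    return agent.reset_password(victim, attacker, "attacker-pw")


def run_owner_change() -> tuple[bool, bool, bool]:
    """Real owner on the hardened agent: (address added, reset via new address, reset via old)."""
    outbox = Outbox()
    acct = Account("owner", ["owner@example.com"], "old-pw", second_factor="123456")
    agent = HardenedRecoveryAgent(outbox)
    agent.start_step_up(acct)
    agent.confirm_step_up(acct, outbox.codes["owner@example.com"], second_factor="123456")
    agent.start_add_email(acct, "new@example.com")
    added = agent.confirm_add_email(acct, "new@example.com", outbox.codes["new@example.com"])
    return (added,
            agent.reset_password(acct, "new@example.com", "x"),
            agent.reset_password(acct, "owner@example.com", "y"))
```

Running run_attack against the two agents shows the difference: the vulnerable agent hands over the password, the hardened one refuses before a code is ever sent, and run_owner_change shows the legitimate owner can still add an address, with that address unusable for a reset until cleared. The point is the ordering of proofs, not the toy plumbing: a recovery tool must demand evidence the requester already holds before it changes the set of things that count as evidence.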

A VPN to Look Like the Victim

The location spoof mattered. Instagram’s automated systems treat a recovery attempt from an unfamiliar country as a red flag. By routing through an IP address in or near the target’s normal area, attackers slipped past that first tripwire before the conversation with the bot even started. It made the request look routine.

Did Two-Factor Authentication Stop It?

This is where the accounts disagree. Some of the hackers claimed their trick failed against any account with two-factor authentication (2FA, a second login check beyond the password) switched on. Other reports say accounts with multi-factor authentication (MFA) were still compromised, and Jane Manchun Wong, an app researcher who previously worked at Meta, said her account was taken over and its password changed even though she had extra login protection enabled. A few reports also describe attackers defeating selfie-style identity checks with AI-generated video of the target's face, though that detail rests on fewer sources. The conflict is less surprising than it looks: 2FA guards the login screen, while a recovery flow that can re-link an email address and reset the password runs beside the login screen rather than behind it, so it protects only if the recovery path itself demands the second factor before acting. For now, federal guidance on turning on multi-factor authentication still treats it as a strong baseline, and it appears to have blocked at least some of these attempts.

Why Meta Gave Its Chatbot Password-Reset Powers

Meta switched on the AI support assistant across Facebook and Instagram earlier this year, handing it the ability to relink lost emails, trigger password resets, and verify who owns an account. The selling point was speed and round-the-clock coverage for a job that human reviewers used to handle slowly.

That shift landed in the middle of a hard stretch for the company’s headcount. Meta cut thousands of jobs during the week of May 20, part of a wider move to lean on automation across support and other functions. The same period saw the account takeovers surface. The push to automate support sits inside a far larger spend; the company’s broader strategy runs through a multibillion-dollar bet on consumer AI products that now touches nearly every part of its apps.

The catch with a bot that can reset passwords is that there is no easy person to call when the bot gets it wrong. Several locked-out owners said they could not reach a human to undo the change, even as the automated system that caused the problem kept answering. A support channel with no escalation path becomes a dead end the moment it makes a mistake.

Defaced Handles and a Market for Short Usernames

Two motives showed up in the same wave. One set of attackers chased attention, planting pro-Iran messages on government-linked and celebrity accounts. The Space Force takeover was the clearest example; our earlier reporting covered how pro-Iran hackers seized the Space Force’s top enlisted leader’s Instagram over a Sunday evening.

The other motive was money. Short, clean usernames like single words or single letters are scarce, and they change hands quietly for tens of thousands of dollars on underground markets. An account takeover that needs nothing but a chat session is a cheap way to grab inventory worth far more, which helps explain why the handles being snatched skewed toward short, memorable names.

For the people who lost accounts, the frustration was the loop itself. The owner of the @korn handle summed it up.

We’re at the point where one AI stole it, and another can’t fix it, zero humans in the loop anywhere.

That owner spoke to BleepingComputer, which tracked several of the takeovers. For anyone whose account is used to log in elsewhere or holds payment details, the cleanup can stretch well past Instagram itself; the Federal Trade Commission’s resources on identity theft and account recovery walk through the wider steps.

Steps Instagram Users Can Take Right Now

Meta says the flaw is patched, so a fresh wave using this exact trick is less likely. The basic hardening is still worth doing, and most of it takes a few minutes.

  • Turn on two-factor authentication, ideally with an authenticator app rather than text messages; it appears to have blocked at least some of these attempts.
  • Check your login activity and your list of logged-in devices, and remove anything you do not recognize.
  • Confirm the email address and phone number on the account are still yours; an unexpected change is the clearest sign of trouble.
  • Watch for emails saying your email was added or changed, and act fast if one arrives that you did not request.
  • If you are locked out, start at Instagram's official hacked-account recovery portal (instagram.com/hacked), which can ask for a video selfie to confirm you are the real owner.

Meta says the hole is closed and no database was breached. It has not published a technical breakdown of how the bot was fooled, or how many accounts it handed over before the weekend was out.

Frequently Asked Questions

Did Meta fix the Instagram AI chatbot vulnerability?

Yes. Andy Stone, a Meta communications executive, said the issue was resolved and that the company is securing affected accounts. Meta pushed an emergency patch over the weekend and stated that no back-end database was breached, though it has not released a full technical explanation.

Did two-factor authentication protect Instagram accounts?

Reports conflict. Some attackers said the method failed against accounts with two-factor authentication enabled, yet researcher Jane Manchun Wong reported her protected account was still taken over. Two-factor authentication, ideally through an authenticator app, remains the most useful single step you can take, with the caveat that it guards the login screen and helps against a recovery-flow attack only if that flow also asks for the second factor.

How can I tell if my Instagram account was accessed?

Check your login activity and active sessions in Instagram’s security settings, and look for any email or phone number on the account that you did not add. An email notification saying a new address was linked, when you did not request it, is the main warning sign this attack leaves behind.

Were only celebrities and brands affected?

The visible victims were high-profile accounts and short premium usernames, but the technique did not depend on fame. Because the attack ran through the support channel rather than the login screen, any account could in principle be targeted, which is why Meta is securing accounts broadly rather than only well-known ones.

What should I do if my Instagram account was hacked?

Go to instagram.com/hacked to start recovery, which may include a video selfie to verify ownership. If the account links to payments or to logins on other sites, change those passwords too and review the FTC’s identity-theft steps, since a takeover can ripple beyond Instagram.

Logan Pierce is a writer and web publisher with over seven years of experience covering consumer technology. He has published work on independent tech blogs and freelance bylines covering Android devices, privacy-focused software, and budget gadgets. Logan founded Oton Technology to publish clear, no-nonsense tech news and reviews based on real hands-on testing. He has personally tested and reviewed dozens of mid-range and budget Android phones, written extensively about app privacy, and built and managed multiple WordPress publications over the past decade. Logan holds a bachelor's degree in English and studied digital marketing at a certificate level.
