Meta AI Chatbot Exploit Enables Takeover of Thousands of Instagram Accounts, Including High-Profile Profiles
The breach was uncovered after users reported that the bot would comply with repeated requests to change account details even when the requester could not supply the account's existing password and the account had no two-factor authentication (2FA) set up. Meta confirmed the vulnerability, patched the system, and said it was securing affected accounts, but users continued to report hacking attempts afterwards.
Investigators traced the flaw to a logic error in the chatbot's account-recovery workflow. Attackers would first identify a target, then connect through a virtual private network (VPN) so that their traffic appeared to come from the victim's location, and only then start a password-reset request. By repeatedly prompting the bot to link the account to a new email address, they avoided ever having to prove knowledge of the original password or any other credential. In effect the bot would hand full account access to anyone who could talk it into changing the account's email address or password, without any check that the requester actually controlled the account. (Meta's own account of the incident, below, says the resets it confirmed were on accounts without 2FA enabled.)
Among the compromised accounts were the inactive Instagram account for former President Barack Obama’s White House and the official account of the chief master sergeant of the U.S. Space Force. Attackers posted pro‑Iranian content on the White House account, including a bio change to “The White House is under Shiites’ control” in Arabic. On the Space Force account, they posted audio clips from the Vietnam War with captions suggesting that U.S. troops in the Middle East would face a similar fate. These posts were quickly identified as out‑of‑character, but the incident demonstrated how an attacker could use the same method to spread more subtle influence messages.
Meta confirmed that the exploit had been used to reset passwords for accounts that did not have 2FA enabled. According to reports, 20,225 accounts were compromised between April 17 and early June 2026. Meta's Vice President Andy Stone said the issue had been addressed, but the company acknowledged that users were still reporting attempts to manipulate the chatbot.
The incident highlights the risk of giving an AI assistant the authority to modify sensitive account data. A safeguard that lives only in the model's instructions can be talked around, which is exactly what "persuading" the bot amounts to; the decision to change an email address or password has to be enforced by code outside the model, on proof the requester actually holds an existing credential. The VPN step in the attack is also a reminder that IP geolocation is a weak signal and should not count as evidence of identity. Cybersecurity experts recommend that platforms enable multi-factor authentication by default and limit chatbot access to the minimum data required for recovery. Additional safeguards include binding requests to device-specific data, monitoring for anomalous activity such as repeated credential-change requests on one account, and escalating suspicious interactions to human reviewers. The U.S. Cybersecurity and Infrastructure Security Agency has urged companies to adopt these measures, noting that accounts with MFA enabled are significantly less likely to be compromised.
The attack demonstrates that state and non‑state actors can exploit AI‑driven customer‑support tools to conduct influence operations and undermine public trust. As AI chatbots become more common in account‑management workflows, the industry faces a growing need to balance user convenience with robust security controls.