Instagram accounts hacked using Meta AI

Instagram has fixed a security flaw that allowed hackers to take over user accounts by tricking Meta's AI-powered support chatbot into resetting passwords. The attack, which compromised accounts including the Obama-era White House Instagram handle and a U.S. Space Force official, exploited the chatbot's ability to add a new email address and send a verification code without requiring access to the victim's original email. Instagram spokesperson Andy Stone confirmed the issue was resolved on Monday, though the total number of affected accounts remains unclear.

Instagram has resolved a security issue that allowed several users’ accounts to get hacked. The attack appeared to rely on tricking Meta’s own AI-powered support chatbot into granting access to a victim’s account. Over the weekend, several https://www.reddit.com/r/Instagram/comments/1tt7uwj/be weary of new ig hack/ users https://www.reddit.com/r/cybersecurity help/comments/1tt9i8z/instagram account username changed and hacked/ on Reddit claimed that their Instagram accounts had been compromised, and a number https://x.com/oracles/status/2061331778972114948 of https://x.com/thecomfeed/status/2061147638490173588 users https://x.com/bahrambiz/status/2061154730362212779 on X warned of similar account hijackings. The compromised accounts include the Instagram handle for the Obama-era White House https://www.tmz.com/2026/05/31/obama-white-house-hacked-on-instagram/ , which appears to have been inactive since 2017; and the account of the U.S. Space Force’s chief master sergeant John Bentivegna https://taskandpurpose.com/culture/space-force-bentivegna-instagram-hacked/ . Security researcher Jane Wong said her Instagram account was also taken over. “The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,” said https://x.com/wongmjane/status/2061456887959474393 Wong. “Quite concerning.” A video https://x.com/DarkWebInformer/status/2061253599758315527 posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account. Contact Us Do you have more information about these Instagram hacks? Or other flaws affecting Instagram? We’d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or . mailto:lorenzo@techcrunch.com/ TechCrunch was able to verify that the hacker’s public email mailbox, which was displayed in the video, effectively received the verification code. The attack relied on the fact that at no point the hacker had to take over the legitimate email address linked to the victims’ Instagram account. On Monday, Instagram spokesperson Andy Stone said in a reply https://x.com/andymstone/status/2061489833441145103 to Wong’s post and others that the issue was now fixed. It’s unclear how many Instagram users had their accounts improperly accessed. Meta did not immediately respond to TechCrunch’s request for comment.