Hackers Exploit Meta AI Tool To Hijack Instagram Accounts, Including Obama's White House Page
· Free Press Journal
Hackers exploited a critical vulnerability in Meta's AI-powered support chatbot over the weekend to hijack multiple high-profile Instagram accounts, with attackers needing no access to victims' existing passwords or email addresses to pull it off.
The compromised accounts include the Instagram handle for the Obama-era White House, which appears to have been inactive since 2017, and the account of the US Space Force's chief master sergeant John Bentivegna. Prominent security researcher Jane Wong also reported being targeted.
Visit afrikasportnews.co.za for more information.
How they did it?
A video posted on X showed the step-by-step process. The hacker used a VPN to spoof the target's presumed location, bypassing Instagram's automated account protections. The attacker then opened a chat with the Meta AI Support Assistant and simply asked the bot to add a new email address to the target's account. The chatbot sent a verification code to the hacker's own email address; the hacker shared that code back with the chatbot, which then displayed a button to reset the account password.
Instagram had an exploit that allowed you to use Meta AI to reset passwords to accounts with no MFA on them. The exploit was patched a short time ago.pic.twitter.com/PEUwLvmllj
— Dark Web Informer (@DarkWebInformer) June 1, 2026
Critically, the attack worked because at no point did the hacker need to access the legitimate email address actually linked to the victim's Instagram account. Meta's own tool, designed to help users, became the entry point.
Several users on Reddit reported their Instagram accounts had been compromised, and multiple users on X warned of similar account hijackings. Wong described the experience as alarming: her password was changed without her knowledge while she received repeated reset attempts throughout the day.
Even my Instagram account got hacked
— Jane Manchun Wong (@wongmjane) June 1, 2026
The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app
Quite concerning https://t.co/F6wjKYrlBo
The attack appears to have targeted both dormant legacy accounts and active verified ones, raising concerns about the security of any Instagram account, regardless of activity level.
Meta says it's fixed
Instagram spokesperson Andy Stone said in a reply on X that the issue had been resolved. It remains unclear how many Instagram users had their accounts improperly accessed. Meta did not provide further detail on the scope of the breach or how the chatbot flaw went undetected.
This claim about world leaders is totally false.
— Andy Stone (@andymstone) June 1, 2026
The issue that did happen has already been fixed.
The incident spotlights a growing risk as platforms deploy AI assistants with account-level access: a chatbot capable enough to help legitimate users reset credentials is also, in the wrong hands, a ready-made hacking tool.