Meta acknowledged on Monday that intruders successfully breached prominent Instagram pages by exploiting its AI-powered support chatbot, noting that a fix was deployed once security experts flagged the vulnerability.
High-Profile Targets Compromised
These revelations emerged alongside a wave of breaches hitting prominent Instagram profiles. Among those compromised were Sephora, the Chief Master Sergeant of Space Force, and the Barack Obama White House page (@obamawhitehouse).
Similar attacks seemingly hit the wider public during the weekend, with numerous individuals taking to Reddit to report compromised Instagram profiles, while others on X raised the alarm over identical account takeovers.
Even my Instagram account got hacked
— Jane Manchun Wong (@wongmjane) June 1, 2026
The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. And I got repeatedly logged out from the IG iOS app
Quite concerning https://t.co/F6wjKYrlBo
'The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday,' Security researcher Jane Wong said her Instagram account was hijacked. 'Quite concerning.'
How the Simple Exploit Worked
A demonstration uploaded to X laid out the exact method used to breach Instagram profiles. To bypass the platform's automated security triggers, the intruder reportedly relied on a VPN to fake the geographic location of their intended targets.
🚨 Instagram had an exploit that allowed you to use Meta AI to reset passwords to accounts with no MFA on them. The exploit was patched a short time ago.pic.twitter.com/PEUwLvmllj
— Dark Web Informer (@DarkWebInformer) June 1, 2026
Next, the hacker initiated a conversation with the Meta AI Support Assistant, requesting that a new email address be linked to the victim's profile. Footage shows the bot dispatching a security pin to the newly provided address; once the thief fed this code back into the chat, the assistant generated a 'Reset Password' prompt. By simply inputting a new password, the attacker successfully locked the owner out of their account.
Bypassing Original Account Security
TechCrunch successfully confirmed the exploit after checking the intruder's public inbox, which was visible in the footage, and verifying that the security code had indeed arrived. Crucially, the exploit succeeded because the intruder never actually needed to gain control of the genuine email inbox associated with the victim's Instagram profile.
This claim about world leaders is totally false.
— Andy Stone (@andymstone) June 1, 2026
The issue that did happen has already been fixed.
Responding to Wong and other affected posters, Instagram spokesperson Andy Stone confirmed on Monday that the vulnerability had been resolved.
This issue has been resolved and we are securing impacted accounts.
— Andy Stone (@andymstone) June 1, 2026
In a separate post, he noted that 'This issue has been resolved, and we are securing impacted accounts.' However, the exact number of individuals who had their profiles compromised during the security lapse remains unknown.
Growing Fears Over AI Safety
This security failure fuels growing anxiety surrounding the dependability of artificial intelligence when trusted to manage critical safety protocols like account credentials.
🇮🇷🇺🇸 Hackers took over multiple Instagram accounts, including the Obama White House account and the US Space Force Chief Master Sergeant's account.
— Mario Nawfal (@MarioNawfal) June 1, 2026
They did it by simply asking Meta's own AI support chatbot to add their email address and reset the password.
The exploit… https://t.co/9luq6iwZNT pic.twitter.com/8KhJSWutED
Having rapidly restructured its workforce around artificial intelligence and aggressively expanded automated features across its platforms, Meta rolled out this support assistant globally on Facebook and Instagram earlier this year. Promotional materials for the tool highlighted that the assistant can 'take action for you on a growing set of requests directly within Facebook and in the future, on Instagram.'
The Future of Tech Moderation
The assistant was designed to handle tasks ranging from resetting passwords to flagging scams, impersonation profiles, and inappropriate content. 'The Meta AI support assistant is a major step in our work to deliver stronger support on our apps,' reads a March press release from Meta.
As Meta continues to push automated tools into core moderation roles, this incident serves as a stark reminder of the risks involved. Relying on automation to protect user data clearly backfires when systems cannot distinguish between a legitimate owner and a clever intruder, leaving tech giants with a difficult balancing act ahead.
