Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts – Krebs on Security

Staff Editor 2026-06-01
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts – Krebs on Security

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts – Krebs on Security

https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/

Publish Date: 2026-06-01 13:45:00

Source Domain: krebsonsecurity.com

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords.

A screenshot from a video released on Telegram claiming to show how Meta’s AI customer support bot could be tricked into resetting a target’s password.

On May 31, word began to spread on several Telegram instant message channels that Meta’s AI bot would happily add an email address to an existing account as part of the bot’s standard password reset flow.

A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved using a VPN connection with an IP address that is in or near the target’s usual hometown, requesting a password reset for the account, and then choosing to chat with Meta’s AI support assistant. From there, the video shows the attacker told the bot to link the account in question to a new email address, after which the bot dutifully sent that address a one-time code that allowed a password reset.

The Telegram account that posted the video also linked to screenshots of pro-Iran images, videos and messages that defaced the hacked Instagram accounts, saying hackers had used the exploit to hijack a number of valuable (read: short) Instagram account names that allegedly have a resale value of more than a half million dollars.

Meta has not responded to requests for comment on the video’s claims, but the company reportedly did acknowledge the dormant Instagram account for the Obama White House was briefly compromised. The security blog thecybersecguru.com reports that Meta pushed an emergency patch over the weekend, and clarified that no back end database was breached.

“Instagram has notoriously poor human support infrastructure,” Cybersecguru…

Source

More Stories

A First Step to Unpacking Cyber, Deception, and Intelligence Contests

A First Step to Unpacking Cyber, Deception, and Intelligence Contests

Staff Editor 2026-06-05
Mythos rejuvenated cybersecurity. Earnings put the rally to the test

Mythos rejuvenated cybersecurity. Earnings put the rally to the test

Staff Editor 2026-06-05
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy