Meta Fixes AI Support Bot Flaw After US Accounts Hijacked

Hackers used a security flaw in Meta's AI support chatbot to hijack Instagram accounts without requiring passwords or email verification [1, 2].

This breach highlights a critical vulnerability in how artificial intelligence handles identity verification, as attackers were able to bypass standard security protocols to seize high-profile accounts [1, 3].

The exploit allowed attackers to reset account passwords, or change associated email addresses, through the chatbot [1, 3]. Instructions on how to perform the attack were shared on Telegram ^[1]. Because the bot failed to verify the identity of the requester, hackers gained unauthorized access to several notable profiles [1, 2].

Among the compromised accounts were the Obama White House and the Chief Master Sergeant of the U.S. Space Force [1, 2]. Attackers used these accounts to post pro-Iranian images and messages [1, 2]. Some reports indicate that the hijackers also intended to resell the compromised accounts [1, 2].

The exploit occurred over the weekend of early June 2026 and was reported on June 1 [1, 4]. There are conflicting reports regarding the current status of the fix. Digital Trends said Instagram has patched the flaw ^[3], while MSN said the company is still working to fix the issue ^[5].

Meta has not provided a detailed public explanation of the specific logic failure that allowed the AI to bypass verification. The incident underscores the risks of delegating sensitive account recovery processes to automated AI systems without rigorous human-in-the-loop oversight [1, 2].