Hackers Used Meta AI Support Tool to Take Over High-Profile Instagram Accounts
A security flaw in Meta’s AI-powered support chatbot allowed hackers to take control of more than 20,000 Instagram accounts, including profiles linked to the Obama-era White House and the U.S. Space Force.
According to reports, attackers exploited the vulnerability by initiating a password reset and selecting Meta’s AI Support Assistant as the recovery method. They then instructed the chatbot to add an email address of their choice to the targeted account. The system reportedly processed the request without requiring the attacker to be logged in.
A verification code was subsequently sent to the attacker-controlled email address, enabling them to reset the account password and gain full access. The exploit required no specialized tools, coding knowledge, or advanced hacking techniques.
DIB Pakistan Enters New Era with Rebranding Initiative Across Branch Network
Thousands of Instagram Profiles Compromised Through Meta Support Bot Exploit
Among the compromised accounts were a White House Instagram page associated with the Obama administration and an account belonging to Chief Master Sergeant John Bentivegna of the U.S. Space Force. Security researchers also shared demonstrations showing how the flaw could be abused.
Meta later confirmed that approximately 20,225 Instagram accounts were affected. While some password reset requests may have been legitimate, the company acknowledged that the majority of account takeovers occurred without the account owners’ authorization.
The breach potentially exposed a wide range of sensitive information, including profile details, email addresses, phone numbers, birth dates, direct messages, social media posts, and account activity records. Verified and high-profile accounts may also have had private communications and follower-related data exposed.
In response, Meta invalidated all password reset links generated through the vulnerable system, required affected users to complete additional security steps, and disabled the AI support feature. The company said the tool will remain offline until the underlying security issue has been fully resolved.


