TL;DR
- Bot Exploit: Attackers used Meta’s AI support assistant to seize high-profile Instagram accounts.
- Affected Targets: Compromised accounts may have included the Obama-era White House handle and U.S. Space Force Chief Master Sergeant John Bentivegna’s account.
- Abuse Method: The method used location masking, email-change requests, and password resets to shift account control.
- Security Gap: Meta says the issue is resolved, while affected-account counts and changed safeguards remain unclear.
Attackers reportedly abused Meta’s AI support assistant to turn Instagram account recovery into an account-takeover path. The affected targets may have included the Obama-era White House Instagram handle and U.S. Space Force Chief Master Sergeant John Bentivegna’s account, with some compromised accounts briefly showing pro-Iranian images and messages.
Telegram instructions for resetting account passwords made the method repeatable. Attackers centered the account-control path on changing target email addresses through the chatbot before the password reset completed.
Meta’s June 1 response was narrower: the issue had been resolved and affected accounts were being secured. The scope, however, remains unsettled. Meta has not disclosed an affected-account count or which safeguards changed after the fix, and its public response leaves attacker identities and origin unresolved.
How the Account-Recovery Flow Was Abused
Account recovery became the attack surface because it sits close to ownership. Attackers used VPN location masking, a password-reset request, Meta’s AI support assistant, a new email address, and a one-time code to shift control of target Instagram profiles. Location masking can make a support request look like it comes from a target’s usual area, reducing suspicion if other checks are weak.
If a support assistant accepts an email-change request and continues the reset process, an attacker can reset the password without first controlling the original mailbox. Support workflow trust becomes the handoff point: once the platform treats a newly added mailbox as valid, the one-time code can move account control to the attacker.
Malware on the victim’s device or prior access to the original email inbox was not required. Meta implemented an emergency patch on May 29 after the exploit had been used against valuable handles and high-profile accounts, but the public-facing fix still gives users no detail on the exact verification rule that changed.
Short or recognizable handles add a practical incentive beyond political vandalism. Handles such as @hey and @jowo put resale and impersonation into the risk calculation, because even brief access can be useful to a gray-market buyer or someone posing as a brand. For brands and public figures, a short lockout can damage reputation before the original owner regains access or warns followers.
Why Recovery Bots Need Hard Security Gates
Meta introduced its AI support assistant in March as a 24/7 help tool for support and safety issues across its apps. A tool built for account help naturally sits near account problems, but it also raises the security bar for any system that can touch email addresses, passwords, or recovery factors.
Prior recovery failures show why the chatbot layer raises the bar. In 2019, weak verification in Instagram’s mobile recovery process exposed profile control. A January password-reset bug kept the question of recovery proof in view.
Meta’s own account-protection tools add platform-specific history: its 2025 video selfie verification and an earlier issue with recycled phone numbers both risked account takeovers on Facebook and Instagram.
Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, described the support-bot hijackings as part of a wider security problem for automated support systems.
“AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks.”
Ian Goldin, threat researcher at Lumen’s Black Lotus Labs (via Krebs on Security)
Account-control changes need a fixed check outside the chat before an AI assistant can alter email or password details. A safer design would put deterministic approval gates in front of any email or password change Meta’s AI support chatbot can trigger, add rate limits tied to account-risk signals, and keep anomaly logging for every AI-driven account change.
Multi-factor authentication could add a second proof of identity in the described account-takeover path, giving account owners a practical defense while Meta hardens the workflow. Meta’s next test is the verification check now standing between its assistant and email or password changes on a contested account.
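The following Python model is an added illustration, not Meta or Instagram code, that contrasts the weak flow described above (an assistant-accepted email change redirecting a pending password reset) with the hardened design this section calls for: a deterministic gate the assistant must go through, proof of control of the existing mailbox or MFA, a per-account rate limit, and an audit log carrying risk signals. All class and function names, the sample account, the mailboxes and the risk signals are hypothetical and constructed for the example.

```python
"""Recovery-flow policy gate (added illustration; hypothetical names, constructed data).
Weak flow: a support assistant's email change silently redirects a pending reset.
Hardened flow: a deterministic gate, rate limit and audit log sit between the
assistant and any email or password change."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class Account:
    handle: str
    email: str
    mfa_enrolled: bool = False
    reset_pending: bool = False
    reset_destination: Optional[str] = None  # mailbox the one-time code is sent to


@dataclass
class AuditLog:
    entries: List[dict] = field(default_factory=list)

    def record(self, event: str, **fields) -> None:
        self.entries.append({"event": event, **fields})


def start_password_reset(acct: Account) -> None:
    """A reset binds its one-time code to the mailbox on file when it starts."""
    acct.reset_pending = True
    acct.reset_destination = acct.email


def weak_email_change(acct: Account, new_email: str, log: AuditLog) -> None:
    """Weak flow: the assistant accepts the new address and, because the reset
    re-reads the address on file, the one-time code now goes to the new mailbox."""
    acct.email = new_email
    if acct.reset_pending:
        acct.reset_destination = new_email
    log.record("email_change", handle=acct.handle, gate="none")


class RateLimiter:
    """Sliding-window limit keyed by account handle (constructed helper)."""

    def __init__(self, max_requests: int, window_sec: float) -> None:
        self.max_requests, self.window_sec = max_requests, window_sec
        self._hits: Dict[str, Deque[float]] = {}

    def allow(self, key: str, now: float) -> bool:
        q = self._hits.setdefault(key, deque())
        while q and now - q[0] >= self.window_sec:
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True


def hardened_email_change(acct: Account, new_email: str, *, proved_old_mailbox: bool,
                          passed_mfa: bool, risk_signals: dict, limiter: RateLimiter,
                          log: AuditLog, now: float) -> Tuple[bool, List[str]]:
    """Deterministic gate the assistant must call; it cannot write the field itself.
    Denies if a reset is in flight, if no proof of the existing mailbox (or MFA for
    enrolled accounts) was given, or if the per-account rate limit is exceeded.
    Every decision is logged with its risk signals so anomalies can be reviewed."""
    reasons: List[str] = []
    if acct.reset_pending:
        reasons.append("reset_in_flight")
    if acct.mfa_enrolled:
        if not passed_mfa:
            reasons.append("mfa_required")
    elif not proved_old_mailbox:
        reasons.append("no_proof_of_existing_mailbox")
    if not limiter.allow(acct.handle, now):
        reasons.append("rate_limited")
    log.record("email_change_request", handle=acct.handle, new_email=new_email,
               risk=risk_signals, allowed=not reasons, reasons=list(reasons))
    if reasons:
        return False, reasons
    acct.email = new_email
    return True, []


def demo_weak() -> Optional[str]:
    """Returns where the pending reset code ends up under the weak flow."""
    acct = Account("@example_handle", "owner@example.net")  # constructed
    start_password_reset(acct)
    weak_email_change(acct, "new-mailbox@example.org", AuditLog())
    return acct.reset_destination


def demo_hardened(proved_old_mailbox: bool = False, reset_in_flight: bool = True,
                  attempts: int = 1) -> Tuple[Tuple[bool, List[str]], List[dict]]:
    """Runs `attempts` change requests through the gate; returns the last decision and the log."""
    log, limiter = AuditLog(), RateLimiter(max_requests=3, window_sec=3600)
    acct = Account("@example_handle", "owner@example.net")  # constructed
    if reset_in_flight:
        start_password_reset(acct)
    risk = {"geo_mismatch": True, "new_device": True}  # constructed risk signals
    result: Tuple[bool, List[str]] = (False, [])
    for i in range(attempts):
        result = hardened_email_change(acct, "new-mailbox@example.org",
                                       proved_old_mailbox=proved_old_mailbox, passed_mfa=False,
                                       risk_signals=risk, limiter=limiter, log=log, now=float(i))
    return result, log.entries


if __name__ == "__main__":
    print("weak flow sends the reset code to:", demo_weak())
    print("hardened flow decision:", demo_hardened()[0])
```

The design point is that the assistant only ever submits a request; the gate decides, and it refuses any email change while a reset is in flight so a newly added mailbox can never become the destination of a code that was issued against the old one.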