June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta has since revealed that approximately 20,225 Instagram accounts were compromised through the vulnerability and has taken steps to secure affected users.
According to reports, attackers abused Meta’s AI Support Assistant during the password recovery process. The method had the attackers initiating a password reset, selecting the AI support option and asking the chatbot to add a new email address to the target account.
The chatbot reportedly completed the request without verifying that the person making the request was logged into the account. It then sent a verification code to the newly added email address, allowing attackers to change the account password and lock out the legitimate owner.
A video demonstrating the exploit was shared online by Dark Web Informer. Among the accounts reportedly affected were the Instagram profile for the Obama-era White House, which has been inactive since 2017, the account belonging to U.S. Space Force Chief Master Sergeant John Bentivegna, and the account of security researcher Jane Wong.
While Meta noted that a small number of cases may have been legitimate user requests, it indicated that the vast majority were unauthorized account takeovers. The attackers may have gained access to profile information, email addresses, phone numbers, dates of birth, direct messages, social media posts, account activity records, and interaction histories associated with affected accounts.
In response, Meta disabled the vulnerable support tool and said it will not be restored until the flaw has been fully addressed. The company also invalidated password reset links generated through the exploit.
Affected accounts have been enrolled in mandatory security checks, and passwords have been reset to help prevent further unauthorized access. Meta has also notified impacted users about the incident.
