Mon 06 Jul 2026 / 15:32 ET
Kernel
Security 3 min read

Meta support bot trick reportedly exposed Instagram accounts to takeover

Pro-Iran hackers claimed they used Meta’s AI account recovery assistant to reset Instagram passwords and deface prominent accounts.

Dana Voss

By Dana Voss / Security Correspondent

Hackers briefly took over Instagram accounts belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force over the weekend, replacing them with pro-Iranian images and messages, according to KrebsOnSecurity. The reported entry point was not a leaked password database or a server break-in. It was Meta’s own AI support assistant.

Instructions for the attack began spreading on Telegram on May 31, KrebsOnSecurity reported. A video posted by pro-Iran hackers claimed to show that Meta’s account recovery chatbot could be persuaded to attach a new email address to an existing Instagram account during a password reset flow.

The claimed method was crude enough to be credible and embarrassing enough to demand a very specific denial. According to the Telegram video described by KrebsOnSecurity, the attacker used a VPN endpoint in or near the target account holder’s usual hometown, started a password reset, and then moved into a chat with Meta’s AI support assistant. The attacker then asked the bot to connect the targeted account to a new email address. The bot allegedly sent a one-time code to that address, which let the attacker reset the password.

That is account recovery turned inside out: a system built to help locked-out users became, if the video is accurate, a way to convince Meta to hand the account to someone else.

Meta says the issue was fixed

Meta did not respond to KrebsOnSecurity’s requests for comment on the claims in the Telegram video. Andy Stone, Meta’s communications director, said on X that the issue had been resolved and that Meta was securing affected accounts.

The security site Cybersecguru reported that Meta pushed an emergency patch over the weekend. It also said no back-end database had been breached. That distinction matters. A database breach would suggest attackers stole account records at scale. The reported flaw instead sat in the recovery workflow, where a chatbot appears to have had enough authority to change account contact information without strong enough proof that the person asking was the legitimate owner.

Cybersecguru described Meta’s AI assistant as a layer intended to handle routine support tasks such as reconnecting a lost email address, initiating password resets, and checking account ownership. That is exactly the kind of work users want handled quickly, because Instagram’s human support is widely criticized as slow and hard to reach. It is also exactly the kind of work attackers love to manipulate.

Short handles and weak recovery flows

The Telegram account that posted the video also shared screenshots of defaced accounts and claimed the same technique had been used to seize valuable short Instagram usernames. The account alleged that some of those handles had resale value above $500,000, according to KrebsOnSecurity. That figure is an allegation from the attackers, not a verified market price.

Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, told KrebsOnSecurity that large platforms are entering new security territory as they give AI chatbots control over sensitive account recovery steps. Human support workers have long been targets for social engineering. Goldin said AI assistants introduce a similar attack surface because they are designed to be helpful and can be pushed into doing the wrong thing.

The attackers who released the Telegram video said the method did not work against accounts with multi-factor authentication enabled, KrebsOnSecurity reported. The report said even Instagram’s less robust SMS-based one-time-code option likely would have stopped this particular takeover path, while stronger options include passkeys and hardware security keys.

The lesson for Meta is sharper: if a support bot can alter the recovery address for an account, it is not just answering questions. It is holding keys.

This story draws on original reporting from Krebs on Security.

More Security/

view all ↗