Hackers used Meta’s AI support assistant to add attacker-controlled emails and reset passwords on Instagram accounts including the Obama White House and Chief Master Sergeant of the U.S. Space Force. Instructions spread on Telegram channels from May 31 using VPNs matched to target locations. Meta’s Andy Stone stated the issue was resolved and affected accounts secured.

Krebs on Security documented the flow: attackers initiated password resets then instructed the bot to link new emails, which sent one-time codes without further verification. Thecybersecguru.com reported an emergency patch deployed over the weekend with no backend database breach. Instagram’s limited human support had prompted deployment of the conversational AI for recovery tasks such as email relinking.

Lumen Black Lotus Labs researcher Ian Goldin noted AI chatbots handling account recovery create new attack surfaces equivalent to social-engineering human agents. Accounts with any MFA enabled resisted the method. No additional primary sources beyond the Telegram video and Meta statements were cited in contemporaneous reports.