The Short Version
Hackers hijacked multiple high-profile Instagram accounts — including the Obama White House account and the US Space Force’s chief master sergeant — by tricking Meta’s own AI support chatbot into granting access. The chatbot sent verification codes to attacker-controlled email addresses and then offered a “Reset Password” button. Meta says it’s fixed. The implications for AI chatbots as attack vectors are just getting started.
🔍 THE BOTTOM LINE
Meta built an AI chatbot to help users recover accounts. Attackers used it to steal them instead. This is the first major real-world demonstration of AI chatbots as security vulnerabilities — and it won’t be the last.
How the Attack Worked
A video posted on X showed the step-by-step process, and it’s staggeringly simple:
- Spoof location: The attacker used a VPN to appear to be in the same location as the target, bypassing Instagram’s automated location-based protections.
- Open Meta AI Support Assistant: The attacker initiated a chat with Meta’s AI-powered support bot — the one designed to help legitimate users recover accounts.
- Request email change: The attacker asked the bot to add a new email address to the target’s account.
- Receive verification code: The bot sent a verification code to the attacker’s email address. At no point did the attacker need access to the victim’s actual email.
- Reset password: After providing the verification code, the bot displayed a “Reset Password” button. The attacker entered a new password and took over the account.
Security researcher Jane Wong, whose own account was compromised, said: “The password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. Quite concerning.”
The critical vulnerability: the chatbot never verified that the person requesting changes actually owned the account. It just… helped.
Who Got Hit
- Obama White House Instagram — the official account for the Obama-era White House, inactive since 2017 but still a verified high-profile account. The compromised account was reportedly used to post pro-Iranian messaging.
- US Space Force Chief Master Sergeant John Bentivegna — the account of a senior US military leader. Task & Purpose reported the hijacking.
- Multiple other users — Reddit threads on r/Instagram and r/cybersecurity_help reported similar attacks over the weekend.
Why This Is Bigger Than Instagram
This isn’t just an Instagram security flaw. It’s the first major documented case of an AI chatbot as an attack vector — a concept security researchers have warned about theoretically, but which now has a real-world proof of concept.
The pattern is clear: AI chatbots are being deployed as customer service and support agents across every major platform. They have the ability to modify accounts, send verification codes, reset passwords, and grant access. If an attacker can social-engineer the bot — which is easier than social-engineering a human, because bots don’t have situational awareness or suspicion — the bot becomes a privilege escalation tool.
This is the mirror image of the AI-powered worm research. The worms use AI to attack machines; this attack treats the AI itself as the machine that gets attacked. Both are early examples of AI creating new attack surfaces that didn’t exist before.
Meta’s Response
Instagram spokesperson Andy Stone said on X that the issue was fixed as of Monday, responding to Jane Wong’s post and others. Meta did not immediately respond to TechCrunch’s request for comment.
Notably absent: any detail on how many accounts were affected, whether the fix addresses the root cause (AI chatbot authorisation logic) or just patches this specific attack path, or what safeguards are being added to prevent similar social-engineering attacks against Meta’s AI support tools.
The NZ Angle
Instagram has roughly 2 million monthly active users in New Zealand — about 37% of the population. Many NZ businesses, creators, and public figures rely on Instagram as a primary platform. A compromised Instagram account can mean:
- Business disruption: Lost access to a business account means lost revenue, customer communication, and brand reputation damage.
- Misinformation risk: The Obama White House account was used to post pro-Iranian messaging. A compromised NZ government or media account could be used similarly.
- AI chatbot exposure: NZ organisations using AI chatbots for customer service — banks, telcos, government agencies — should be auditing their authorisation logic immediately.
❓ Frequently Asked Questions
Q: Is my Instagram account safe now? Meta says the vulnerability is fixed. If you have two-factor authentication enabled (and you should), you have an additional layer of protection regardless. Check your email address and phone number in your Instagram settings to make sure they haven’t been changed.
Q: How did the chatbot allow this? The bot didn’t verify that the person requesting changes was the account owner. It sent a verification code to an attacker-controlled email and then offered a password reset. The bot was doing exactly what it was designed to do — help with account recovery — but it was being manipulated by the wrong person.
Q: Could this happen with other AI chatbots? This is the question security researchers are asking. Any AI chatbot with the ability to modify accounts, send codes, or reset passwords is a potential attack vector. The attack surface scales with the chatbot’s permissions.
Q: What should organisations using AI chatbots do? Audit authorisation logic. Every action a chatbot can take should require verification of the user’s identity — not just the completion of a step-by-step process that an attacker can follow. Consider whether chatbots should have the ability to reset passwords at all, or whether that should require human verification.
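The pattern described above (a support bot that sends a code to whatever address the requester names, then treats confirming that code as proof of ownership) and the audit advice in the answer above can be made concrete. The following is an added illustration, not Meta’s code or any detail of Instagram’s internals: the account model, the tool names and the policy are assumptions. It places an authorisation gate between the conversational agent and the account-management actions, so the decision to send a code or reset a password is made by policy rather than by the conversation. A permissive gate reproduces the reported failure mode; a hardened gate only accepts proof of control over a contact channel already on record, and requires that step-up before a new channel can be added or a password reset. A replay of the reported request sequence is run against both gates to show the difference a defender would test for.

```python
"""
Authorisation gate for an AI support agent's account-management tools.

Added example (not Meta's code). Account, Session, OUTBOX, the gate classes
and the flow functions are illustrative assumptions, not a real API.
"""
from dataclasses import dataclass, field
import hmac
import secrets


@dataclass
class Account:
    username: str
    emails: set        # contact channels already on record for the account
    password: str


@dataclass
class Session:
    # channels this requester has proven control of during the conversation
    verified_channels: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # channel -> outstanding code


# Constructed stand-in for email delivery: address -> codes delivered there.
OUTBOX = {}
ATTACKER_EMAIL = "attacker@example.net"   # constructed; never on the account


def send_code(address, session):
    code = secrets.token_hex(3)
    session.pending[address] = code
    OUTBOX.setdefault(address, []).append(code)


def confirm_code(address, code, session):
    expected = session.pending.pop(address, None)
    if expected is not None and hmac.compare_digest(expected, code):
        session.verified_channels.add(address)
        return True
    return False


class PermissiveGate:
    """Trusts the conversation: the code goes to the address the requester
    names, and confirming any code is treated as proof of ownership."""

    def add_email(self, acct, session, new_email):
        send_code(new_email, session)
        return "code_sent"

    def reset_password(self, acct, session, new_password):
        if session.verified_channels:          # any confirmed channel counts
            acct.password = new_password
            return "reset"
        return "denied"


class HardenedGate:
    """Ownership is proven only against a channel already on the account.
    Adding a channel and resetting the password are both gated on that."""

    def _owns(self, acct, session):
        return bool(session.verified_channels & acct.emails)

    def add_email(self, acct, session, new_email):
        if not self._owns(acct, session):
            # Step-up: codes go to contacts on record, never to the address
            # the requester supplied in the conversation.
            for known in sorted(acct.emails):
                send_code(known, session)
            return "step_up_required"
        send_code(new_email, session)
        return "code_sent"

    def reset_password(self, acct, session, new_password):
        if not self._owns(acct, session):
            return "denied"
        acct.password = new_password
        return "reset"


def _fresh():
    OUTBOX.clear()
    return Account("victim", {"owner@example.com"}, "correct horse"), Session()


def attacker_flow(gate):
    """Replay of the reported sequence: ask to add an address the requester
    controls, confirm whatever code reaches that inbox, request a reset.
    Returns (gate decision, resulting account password)."""
    acct, session = _fresh()
    gate.add_email(acct, session, ATTACKER_EMAIL)
    for code in OUTBOX.get(ATTACKER_EMAIL, []):   # attacker reads only their own inbox
        confirm_code(ATTACKER_EMAIL, code, session)
    return gate.reset_password(acct, session, "pwned"), acct.password


def owner_flow(gate):
    """The legitimate owner adding a new address: step-up code arrives at the
    address on record, which the owner can read and confirm."""
    acct, session = _fresh()
    gate.add_email(acct, session, "new@example.com")
    for code in OUTBOX.get("owner@example.com", []):
        confirm_code("owner@example.com", code, session)
    return gate.reset_password(acct, session, "new secret"), acct.password


if __name__ == "__main__":
    print("permissive, attacker:", attacker_flow(PermissiveGate()))
    print("hardened,   attacker:", attacker_flow(HardenedGate()))
    print("hardened,   owner:   ", owner_flow(HardenedGate()))
```

The point of the split is that the policy check (`_owns`) does not depend on anything the requester said; the agent can be talked into calling `add_email` or `reset_password`, but the gate decides based on which channels on record have actually been confirmed. Logging every gate decision alongside the session is also what would surface the repeated reset attempts Jane Wong describes.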
🔍 THE BOTTOM LINE
Meta built an AI chatbot to help users and attackers used it to steal accounts instead. The Obama White House and a US Space Force chief were among the victims. The fix is in, but the lesson is permanent: AI chatbots with account modification powers are attack surfaces. Every company deploying AI support agents should be auditing their authorisation logic this week — not next quarter.
SOURCES
- TechCrunch: “Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access”
- Krebs on Security (analysis)
- Reddit: r/Instagram, r/cybersecurity_help (user reports)
- Jane Wong (security researcher) on X
- TMZ: Obama White House Instagram hack
- Task & Purpose: Space Force account hack