Military & Security

Hackers hijacked high-profile Instagram accounts by simply asking Meta’s AI chatbot to change the email

AI Quick Briefs Editorial Desk · June 2, 2026
Hackers hijacked high-profile Instagram accounts by simply asking Meta’s AI chatbot to change the email

What happened

Hackers hijacked high-profile Instagram accounts, including the Obama White House page, by exploiting a weakness in Meta’s AI chatbot support system. They convinced the AI chatbot to change the email address linked to these accounts without needing the original owner’s approval or knowledge. This method completely bypassed two-factor authentication, a key security feature designed to prevent unauthorized access. Meta has since patched the vulnerability, but security researchers warn a similar exploit is spreading on platforms like Telegram.

The risk

This exploit exposes a new attack surface where AI-powered customer support tools can undermine established security measures. Two-factor authentication usually stops attackers who might have stolen passwords, but the AI assistant’s ability to update account recovery information created an unexpected backdoor. The risk is that malicious actors can use AI chatbots as a vector for social engineering to take over accounts with minimal technical effort. This lowers the bar for attackers targeting high-value digital assets and public figures.

Why it matters

For account owners, especially high-profile users and brands, this incident weakens trust in AI-enhanced support channels. Automated systems designed to improve user interactions now introduce new security trade-offs. Businesses relying on customer-facing AI support need to reassess how these tools can be exploited to bypass identity verification protocols. For Meta and other platforms, it shifts pressure to closely vet AI workflows that handle sensitive account management tasks. This attack also signals to defenders that AI-driven systems need layered safeguards and continuous threat monitoring.

Who should pay attention

Security teams at companies using AI chatbots for support should audit how these bots verify identity and handle sensitive requests. Social media managers and public figures need heightened vigilance around account recovery options. Developers working with AI assistants must push for stronger authentication integration and anomaly detection. Investors and regulators should note that AI’s expansion into core security workflows can introduce new vulnerabilities that require industry standards and oversight.

What to watch next

Expect Meta and other social media companies to deploy stricter controls on automated support systems, possibly limiting what AI chatbots can change without human intervention. Watch for emerging defenses combining AI with layered human verification or adaptive risk scoring. Keep an eye on Telegram and underground channels where similar exploits may circulate, potentially leading to more hijackings. This incident could accelerate the debate about balancing AI convenience against security in consumer platforms.

AI Quick Briefs Editorial Desk

Read Full Article →
Related
Anthropic scales Claude Mythos to critical infrastructure in 15+ countries
Anthropic scales Claude Mythos to critical infrastructure in 15+ countries
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
MazeBolt launches RADAR VectorAI to test enterprise defenses against AI-generated DDoS attacks
MazeBolt launches RADAR VectorAI to test enterprise defenses against AI-generated DDoS attacks
Stay ahead of AI Get the most important AI news delivered to your inbox — free.
Subscribe →