Xiandai · Cybersecurity · Jun 3, 2026 · Updated 12:52 AM UTC

Meta AI Support Bot Flaw Allows Hijacking of High-Profile Instagram Accounts

A vulnerability in Meta’s AI support assistant allowed hackers to bypass multi-factor authentication and seize control of high-profile Instagram accounts, including the Obama White House profile.

Ryan Torres


Over the weekend of May 31, 2026, a critical security vulnerability in Meta’s AI-driven customer support system allowed unauthorized parties to hijack high-profile Instagram accounts. Among the compromised profiles were the official Obama White House account, the account of the Chief Master Sergeant of the U.S. Space Force, and the brand account for Sephora, according to reports from 404 Media and Krebs on Security.

The attack vector, which security blogger 'Sid' described as the most 'unserious' and 'almost too stupid to be true' exploit he has seen, centers on the AI support assistant Meta introduced to all Facebook and Instagram users in March. The bot, designed to provide 'solutions, not just suggestions' regarding account security and recovery, failed to perform adequate identity verification, according to documentation shared in Telegram hacker channels.

The Anatomy of the Takeover

Attackers initiated the exploit by using a VPN or proxy server to match the geographical region of the target account, a move intended to bypass Meta’s location-based security algorithms. Once the connection was established, the attacker requested a password reset and engaged the AI support bot. According to Krebs on Security, the bot would then facilitate the account takeover by allowing the user to link a new, attacker-controlled email address to the account. The AI then sent a one-time verification code to that email, effectively granting the attacker full ownership.

This process functions as a 'zero auth' password reset, according to Sid’s blog. Because the system treats the AI-led recovery as a legitimate action by the account owner, it bypasses existing multi-factor authentication (2FA) protocols entirely. Existing user sessions are revoked, and the original owner is locked out with no notification via email or text.
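The recovery flow described above, modelled as an added example that is not code from Meta or from the reports cited: `vulnerable_reset` reproduces the reported design (a region check as the only gate, the new contact bound before any proof of ownership, the one-time code sent to the address the caller just supplied, sessions dropped without notice), while `request_change` and `confirm_change` show the defensive shape, with the challenge going to the contact already on file and the existing second factor required. All names, the `Account` model and the in-memory pending store are assumptions for illustration.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    """Constructed sample account (hypothetical model, not Meta's data model)."""
    email: str
    has_2fa: bool = True
    sessions: set = field(default_factory=set)
    outbox: list = field(default_factory=list)   # (recipient, message) pairs the flow sends out

def _otp() -> str:
    return f"{secrets.randbelow(10**6):06d}"

def vulnerable_reset(acct: Account, new_email: str, geo_matches: bool) -> bool:
    """Reported behaviour: a region-matched reset request is treated as the owner's own action."""
    if not geo_matches:                       # the only gate; a proxy in the right region passes it
        return False
    acct.email = new_email                    # new contact bound before any proof of ownership
    acct.outbox.append((new_email, _otp()))   # OTP goes to the address the caller just supplied
    acct.sessions.clear()                     # owner logged out; the old address is never told
    return True                               # the account's 2FA factor was never consulted

_pending: dict[int, tuple[str, str]] = {}    # hypothetical store: account -> (code, new email)

def request_change(acct: Account, new_email: str) -> None:
    """Hardened step 1: the challenge goes to the contact already on file, not to the new one."""
    code = _otp()
    _pending[id(acct)] = (code, new_email)
    acct.outbox.append((acct.email, f"Contact change to {new_email} requested. Code: {code}"))

def confirm_change(acct: Account, code: str, second_factor_ok: bool) -> bool:
    """Hardened step 2: require the old-contact code AND the enrolled second factor."""
    pending = _pending.get(id(acct))
    if pending is None or not secrets.compare_digest(pending[0], code):
        return False
    if acct.has_2fa and not second_factor_ok:
        return False
    old_email, acct.email = acct.email, pending[1]
    acct.outbox.append((old_email, f"Contact changed to {acct.email}; reply if this was not you"))
    _pending.pop(id(acct))                    # sessions are left intact so the owner can react
    return True
```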

AI Identity Verification Failures

Sid noted that the AI support bot may request a video selfie to verify identity, but the check is not rigorous. Attackers have reportedly bypassed it using AI-animated public photos taken directly from a target's feed. Once the attacker has bound new contact information to the account, the original owner is left to navigate an automated support loop with no clear path to human intervention.

Reports from 404 Media indicate that hackers utilized the vulnerability to hijack 'short' or highly coveted account names, which are estimated to have a resale value exceeding $500,000 on the black market. The compromised accounts, including the Obama White House profile, were briefly defaced with pro-Iranian imagery and messaging before Meta reportedly pushed an emergency patch over the weekend.

While Meta has not responded to requests for comment regarding the specific mechanics of the exploit, the company acknowledged the compromise of the Obama White House account to various outlets. The incident highlights the extreme risks associated with offloading critical account maintenance functions to automated AI systems.
