Instagram has fixed a security flaw that recently allowed hackers to take over user accounts through Meta’s AI-powered support chatbot. The issue started gaining attention on Sunday after several users reported unusual account activity on Reddit and X.
Multiple Instagram accounts were reportedly compromised during the incident, including the account once used by the Obama White House. The profile has been inactive since 2017. Reports also claimed that the account of U.S. Space Force Chief Master Sergeant John Bentivegna was affected.
Many victims said hackers changed their passwords without permission. Some users also received repeated password reset attempts before losing access to their accounts.
According to a source, hackers used Meta’s own AI support assistant to bypass normal account protections. Instead of breaking into a victim’s email account, attackers reportedly convinced the chatbot to add a new email address to the target profile.
A video shared online showed how the process worked step by step. The hacker first used a VPN to match the victim’s likely location. This helped avoid triggering Instagram’s security systems. After that, the attacker opened a chat with the Meta AI Support Assistant and requested an email change on the target account.
🚨 Instagram had an exploit that allowed you to use Meta AI to reset passwords to accounts with no MFA on them. The exploit was patched a short time ago.pic.twitter.com/PEUwLvmllj
— Dark Web Informer (@DarkWebInformer) June 1, 2026
The chatbot then sent a verification code to the hacker’s email address. Once the attacker shared that code inside the chat, the bot displayed a password reset option. The hacker then created a new password and gained full control of the account.
Reports about the flaw quickly spread across social media. Security researcher Jane Wong also claimed her Instagram account was compromised during the incident. She said her password had changed without her knowledge, and she received multiple reset attempts throughout the day.
Questions Around AI Support Systems
The incident has also raised fresh concerns about AI-powered customer support systems. Many companies now rely on AI chatbots to handle account recovery, password changes, and email updates. However, this case shows how dangerous those systems can become if security checks fail.
AI chatbots are designed to make support faster and easier. Still, experts believe they should never skip strong identity verification steps. If hackers can manipulate automated systems, users may lose access to important accounts within minutes.
The situation also highlights a bigger issue in the tech industry. Companies continue pushing AI tools into sensitive areas without fully testing every possible risk. As more users depend on chatbots for account management, security failures could create serious privacy and safety concerns.
Instagram Says the Problem Is Fixed
On Monday, Instagram confirmed that it fixed the issue after users raised concerns online. Andy Stone, a spokesperson for Instagram, responded publicly and said the flaw had been resolved.
This claim about world leaders is totally false.
The issue that did happen has already been fixed.
— Andy Stone (@andymstone) June 1, 2026
So far, Instagram has not revealed how many users were affected. The company also has not shared additional details about how long the security issue remained active.
Even though the flaw is now fixed, the incident has sparked debate about how much trust users should place in AI-driven support systems. Many users now question whether automated chatbots are ready to handle sensitive account actions safely.
