'Massive exploit' of Meta AI chatbot lets hackers break into more than 20,000 Instagram accounts

Image: How to use Meta's AI assistant on WhatsApp | WhatsApp

By Taylor Bushey


Published: 10/06/2026 - 17:51

Former US President Barack Obama's archived White House account was compromised

  • Hackers leveraged Meta AI to break into thousands of Instagram accounts
  • They triggered password resets via the support chatbot
  • Hacked accounts may have exposed email addresses, phone numbers, direct messages, and more
  • Meta has confirmed that it's fixed the issue

Hackers broke into more than 20,000 Instagram accounts using Meta AI, the social network's built-in Artificial Intelligence (AI)-powered support chatbot. The Facebook parent company confirmed the breach in a filing with the attorney general of the US state of Maine, revealing that 20,225 social media accounts were compromised.

Several famous names were caught up in the attack.


Former US President Barack Obama's archived White House Instagram account, which boasts over 2.4 million followers, was hijacked. Beauty retailer Sephora and US Space Force Chief Master Sergeant John F. Bentivegna also found themselves targeted. Even former Meta security engineer Jane Manchun Wong wasn't spared. She posted on X that her password was changed without her knowledge, calling the situation "quite concerning."

The ex-Meta employee was reacting to a post that described the attack as a "massive exploit", flagging that "people losing handles they’ve owned since 2010, some worth hundreds of thousands."

"These aren’t some random new accounts, these are verified, locked down accounts and they still got compromised," the original post added.

So how did the hackers actually pull this off?

Meta AI is built into almost every product from the Californian company, including WhatsApp, Instagram, and Facebook. It can answer questions, write text, brainstorm ideas, and generate images from simple prompts.

It also uses Meta's High Touch Support tool, which is designed to help users who've been locked out of their Instagram accounts. The AI chatbot sends password reset links to get users back in.

The problem was a bug in a separate part of the code, which meant the system didn't verify that the email address someone provided actually belonged to that account.

Hackers could request a password reset for any account, pop in their own email address, and the chatbot would happily send the reset link straight to them. If the account owner hadn't set up two-factor authentication, the attackers could waltz right in.

Some hackers even used Virtual Private Networks (VPNs) to spoof the victim's location, helping them slip past Meta's automated security checks.

Meta moved quickly once it spotted the problem. The company pulled the plug on the dodgy support chatbot straight away and scrapped the faulty code that caused all the trouble.

Andy Stone, Vice President of Communications at Meta, wrote on X: "The issue has been solved and we are securing impacted accounts."

Every password reset link generated through the exploit was also cancelled immediately.

For the 20,000-plus affected users, Meta enrolled their accounts in a mandatory security checkpoint. This means users had to verify their identity through secure channels before they could get back into their profiles.

The company isn't stopping there, though. Before bringing the support tool back online, Meta says it will fix the verification process to ensure email addresses are properly checked against account records.

They said in a statement: "Prior to re-launching the tool, Meta will fix the authentication check in the Instagram recovery entry point to ensure proper verification of email addresses against existing account information before any password reset is initiated.

"Additionally, Meta is conducting a comprehensive review of similar account recovery flows across Meta’s platforms to identify and remediate any potential issues."
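The flaw described above (the recovery entry point trusting whatever email address the caller supplied) and the fix Meta describes (checking that address against the account record before any reset is initiated), modelled side by side. This is an added illustration in Python, not Meta's code; the account directory, the handler names and the mailer stand-in are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    handle: str
    email: str  # address on record for the account (constructed sample data)


class RecoveryService:
    """Models an account-recovery entry point that issues password reset links."""

    def __init__(self, accounts):
        self.accounts = {a.handle: a for a in accounts}
        self.outbox = []  # (recipient, token) pairs; stands in for the mailer

    def _issue(self, recipient):
        token = secrets.token_urlsafe(32)  # single-use reset token
        self.outbox.append((recipient, token))
        return recipient

    def reset_flawed(self, handle, claimed_email):
        """The failure mode the article describes: the caller-supplied address
        is never compared with the account record, so the link goes wherever
        the caller asks for it."""
        if handle not in self.accounts:
            return None
        return self._issue(claimed_email)

    def reset_hardened(self, handle, claimed_email):
        """Fixed flow: the link only ever goes to the address on record, and
        only when the claimed address matches it. Returns the delivery address
        for inspection; the HTTP layer should render the same neutral message
        whether the handle or the address was wrong, so the endpoint cannot be
        used to confirm which address belongs to which account."""
        account = self.accounts.get(handle)
        if account is None:
            return None
        on_record = account.email.strip().lower().encode()
        claimed = claimed_email.strip().lower().encode()
        # compare_digest returns False on length mismatch rather than raising
        if not hmac.compare_digest(on_record, claimed):
            return None
        return self._issue(account.email)  # never the caller-supplied value
```

A second control the article mentions, two-factor authentication on the account, sits after this step: a correctly delivered reset link should still not bypass it.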

The breach potentially exposed a treasure trove of personal information. Hackers may have accessed email addresses, phone numbers, dates of birth, direct messages, photos, videos, and even details about linked services.

Image: Meta AI in Instagram. Meta AI can answer questions, write text, brainstorm ideas, and generate images from simple prompts, and can either be accessed as a standalone app or be found built into Meta-owned platforms such as WhatsApp, Instagram, and Facebook | Meta Press Office

Muhammad Yahya Patel, vCISO and Cybersecurity Advisor at Huntress, said: "This is a new category of risk that the industry needs to start taking seriously.

"As AI is embedded into operational workflows, customer support, identity verification, and access management, the attack surface shifts from technical vulnerabilities to logical ones.

"Any organisation deploying AI into support, identity, or access workflows needs to ask one question before go-live: what happens if an attacker treats this tool as the attack surface? AI systems that can trigger privileged actions, such as password resets, account access and data retrieval, need the same rigorous access controls and verification logic as any other privileged system. The fact that it’s AI-powered doesn’t make it lower risk. Right now, for many organisations, it’s making it higher.

"The more significant issue is what this signals about the security review process for AI-powered tools before they go into production."

Meta says it can't confirm exactly what data, if any, was taken, but anything the account holder could see was fair game for the attackers.