Bottom line: AI-powered account recovery systems are vulnerable to social engineering attacks when the accounts they serve are not protected by multi-factor authentication.
Pro-Iranian hackers demonstrated a vulnerability in Meta’s AI-powered account recovery system that allowed them to reset passwords and take over Instagram accounts. Meta confirmed that the vulnerability was fixed in an emergency update.
On May 31, Telegram channels began distributing an exploitation tutorial showing how Meta’s AI support bot could be manipulated into granting access to an existing account through a new email address. A video published by pro-Iranian hackers documented the process: using a VPN with an IP address from or near the target’s location, requesting a password reset, contacting the AI support assistant, and asking it to link the account to a new email address. The bot then sent a one-time code to that address, with which the password could be reset. The Instagram accounts of the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly compromised and used to display pro-Iranian content in early June. The hackers claimed to have taken over high-value, short Instagram handles through this exploit, with an alleged resale value exceeding $500,000.
The vulnerability is rooted in the architecture of Meta’s customer support. Instagram is notorious for its poor human support infrastructure; locked accounts, particularly valuable ones, often require weeks of correspondence through automated ticketing systems. Meta deployed an AI-powered chatbot to handle common recovery workflows: linking missing email addresses, resetting passwords, and verifying account ownership. Meta pushed an emergency update over the weekend and emphasized that no backend databases were compromised.
Ian Goldin, threat researcher at Lumen’s Black Lotus Labs, warns of new attack scenarios: AI chatbots in sensitive account recovery processes create a previously untested attack surface. Just as human support staff can be manipulated through social engineering, AI bots are built to be helpful and are therefore susceptible to the same manipulation. The hackers themselves reported that the exploit failed on accounts with multi-factor authentication (MFA) enabled, even with the weakest form Instagram offers, such as SMS-based one-time codes.
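As an added illustration (not Meta’s code; the action names, session fields and email addresses are constructed), the following Python shows a policy gate placed between an AI support bot’s proposed recovery actions and the account backend. The permissive version reproduces the reported failure, while the hardened version refuses to send recovery codes to a contact added in the same session and treats linking a new email as a privileged change that must be backed by an existing verified factor.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    verified_emails: set      # contacts verified before this support session
    mfa_enrolled: bool

@dataclass
class Session:
    """What the caller has actually proven during the support conversation."""
    geo_plausible: bool = False                     # IP near the account's usual location (VPN-spoofable)
    mfa_passed: bool = False                        # completed an already-enrolled MFA factor
    verified_via: set = field(default_factory=set)  # one-time codes completed on existing contacts

def permissive_gate(account: Account, session: Session, action: str, target: str) -> str:
    """Reproduces the reported failure: the decision ignores account state,
    so a plausible location is enough to link a new email and send a code to it."""
    return "allow" if session.geo_plausible else "deny"

def hardened_gate(account: Account, session: Session, action: str, target: str) -> str:
    """Authorization derives from verified factors, not from the bot's judgement."""
    if action == "send_reset_code":
        # Reset codes go only to contacts that were verified before this session began.
        return "allow" if target in account.verified_emails else "deny"
    if action == "link_email":
        # Changing recovery contacts is itself privileged: an enrolled MFA factor
        # must be passed; otherwise a code on an existing verified contact is required.
        if account.mfa_enrolled and not session.mfa_passed:
            return "deny"
        proven = session.mfa_passed or bool(session.verified_via & account.verified_emails)
        return "allow" if proven else "escalate"   # route to human review, never auto-approve
    return "deny"

def replay_reported_flow(gate) -> list:
    """Constructed scenario mirroring the report: no MFA, new address supplied by the caller."""
    acct = Account(verified_emails={"owner@example.com"}, mfa_enrolled=False)
    sess = Session(geo_plausible=True)            # caller appears to be near the target location
    new_addr = "unverified@example.net"           # constructed address, not tied to the account
    steps = [("link_email", new_addr), ("send_reset_code", new_addr)]
    return [gate(acct, sess, action, target) for action, target in steps]

if __name__ == "__main__":
    print("permissive:", replay_reported_flow(permissive_gate))   # ['allow', 'allow']
    print("hardened:  ", replay_reported_flow(hardened_gate))     # ['escalate', 'deny']
```

The gate also encodes the report’s observation about MFA: when a factor is enrolled, a contact change is refused outright until that factor has been completed in the session.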
Source: krebsonsecurity.com · Published June 1, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.