Practical guides to protect yourself, your family, and your business from AI-driven scams, deepfakes, and emerging cyber threats.
Between April 17 and early June 2026, attackers took control of 20,225 Instagram accounts without stealing a single password. They opened a chat with Meta's AI Support Assistant, the automated chatbot that handles account-help requests, and asked it to reset the password on accounts that were not theirs. The bot obliged.
What makes this worth your attention is not that a chatbot got fooled. It is that the chatbot was handed the authority to reset passwords, while the safety check meant to stop abuse sat in a separate piece of code that happened to be broken. The result was an account takeover anyone could perform by typing a request in plain English.
Meta disclosed the breach in a notification filed with the Maine Attorney General on June 5, 2026. The stolen accounts included short, valuable usernames that resell on gray markets for hundreds to thousands of dollars, the dormant Obama-era White House handle, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna, the service's highest-ranking enlisted member. TechCrunch published the first report on June 1, after a video of the full attack circulated on X.
The method was almost mundane. An attacker first used a VPN to appear in the victim's region, sidestepping Instagram's location-based fraud checks. They then told the AI Support Assistant to add a new email address to the target's account. The bot sent a verification code to that attacker-controlled address, the attacker read the code back to the bot, and the bot offered a "Reset Password" button. One click, and the account was gone. The flaw was a missing check. By Meta's own account, the system never confirmed that the email address the requester supplied actually matched the one on file for the account. The chatbot did exactly what it was told, and the guardrail that should have caught the lie was the part that failed. It only failed on accounts that did not have two-factor authentication (a second login step beyond the password, such as a code from an authenticator app) switched on.
The concrete damage is on the record: 20,225 hijacked accounts, seven weeks of exposure, private messages and personal data in the hands of strangers, and government and military handles among the losses. For your own organization the lesson is sharper than "Meta made a mistake." Customer support, IT help desks, and account-recovery flows are exactly where companies are now placing AI agents, because the work is repetitive and expensive. The moment such an agent can perform a privileged action like resetting a password or adding a recovery address, it inherits the power of the human it replaced without the instinct that makes a person pause at a strange request. A help-desk worker might sense that something is off. The bot processed the request as routine. The systemic shift worth raising in your next review is structural. When the agent and the verification check live in separate code paths, a single bug in the check turns a friendly assistant into an authentication bypass that scales to every account at once. Attackers no longer need to break the lock. They ask the system that holds the key.
The attackers did not defeat Meta's security so much as walk through a door it left open and labeled "support." A chatbot was handed the keys to account recovery, the check that was supposed to verify each request was quietly broken, and 20,225 people paid for it. As more companies route account recovery, help-desk work, and customer service through AI agents this year, the question to bring to your next planning meeting is simple. If one of your bots can reset a password or change a recovery address, what independent check confirms the person asking is who they claim to be? You can switch on two-factor authentication for your own account through Instagram's official two-factor setup guide.


