Instagram accounts belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian imagery over the weekend, after a technique for abusing Meta’s AI support chatbot spread across several Telegram channels.

How the Attack Worked

A video posted by pro-Iran hackers on Telegram documented a multi-step exploit that appeared straightforward in execution. The attacker used a VPN connection with an IP address near the target account’s usual location, then initiated a password reset flow and chose to interact with Meta’s AI support assistant rather than following the standard reset path. The bot was then instructed to link a new email address to the existing account. According to the video, the assistant complied and sent a one-time verification code to the attacker-supplied address, completing the account takeover.

The same Telegram posts included screenshots of defaced Instagram accounts and claimed that the technique had been used to seize a number of short, high-value Instagram usernames with an alleged combined resale value exceeding half a million dollars.

Meta’s Response

Meta did not respond to press inquiries about the technical details, but company spokesperson Andy Stone confirmed on Twitter/X that the issue had been resolved and that affected accounts were being secured. Security blog thecybersecguru.com reported that Meta pushed an emergency patch over the weekend and clarified that no backend database was compromised.

The blog noted the structural conditions that made the attack possible. Instagram’s limited human support infrastructure had led Meta to deploy a conversational AI layer to handle common recovery workflows, including relinking lost email addresses and triggering password resets. That same design, intended to reduce friction for locked-out users, created the exploitable opening.

A New Attack Surface for AI-Assisted Support

Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, said the incident signals a broader shift in the threat landscape as more platforms delegate sensitive account recovery tasks to AI chatbots.

“AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks,” Goldin said. He drew a direct parallel to social engineering of human support staff, noting that AI assistants share the same fundamental vulnerability: an eagerness to help that can be exploited through persuasion and misdirection.

Mitigation

The exploit had a notable limitation: the attackers themselves acknowledged it failed against accounts with any form of multi-factor authentication enabled. Security professionals and users alike should treat this as a reminder to enable the strongest MFA option available, such as a passkey or hardware security key. Even SMS-based one-time codes, the weakest MFA form Instagram supports, were sufficient to block this particular attack vector.

  • Enable MFA immediately on any Instagram or Meta account, using the strongest available method.
  • Prefer passkeys or hardware security keys over SMS-based codes where the platform allows it.
  • Monitor linked email addresses on your accounts for unauthorized additions.
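As an added illustration (not code from the article, Meta, or the blog it cites), the following Python models the recovery-policy decision at the heart of the incident: the flawed rule sends the one-time code to the address the requester just supplied, while the hardened rule only ever sends proof-of-ownership codes to a channel the account already has and defers to an MFA challenge when one is enrolled. The account fields, function names and addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    """Constructed account state for the example; not Meta's data model."""
    username: str
    verified_email: str
    mfa_enrolled: bool = False


@dataclass
class Decision:
    allowed: bool
    send_code_to: Optional[str]  # channel that receives the one-time code
    require_mfa: bool            # hand off to an MFA challenge before acting
    reason: str


def naive_link_email(account: Account, new_email: str) -> Decision:
    """The flaw described in the article: the code goes to the address the
    requester supplied, so receiving it proves nothing about account ownership."""
    return Decision(True, new_email, False, "code sent to requester-supplied address")


def hardened_link_email(account: Account, new_email: str) -> Decision:
    """Proof of ownership must come from something the account already holds.
    The code goes to the existing verified email; if MFA is enrolled the
    assistant must require that challenge rather than route around it."""
    if new_email.lower() == account.verified_email.lower():
        return Decision(False, None, False, "address already linked")
    if account.mfa_enrolled:
        return Decision(True, account.verified_email, True,
                        "MFA step-up required before relinking")
    return Decision(True, account.verified_email, False,
                    "code sent to existing verified email")


def code_goes_to_requester(decision: Decision, requester_inbox: str) -> bool:
    """Defender's check: does this policy hand the code to the requester's own inbox?"""
    return decision.allowed and decision.send_code_to == requester_inbox
```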