
Emerald Pages

[Image: a phone showing a lock and a warning symbol. Photo: Hacked.com]

Over the weekend of May 30–31, 2026, Instagram became the stage for a new breed of cyberattack. Hackers didn't steal passwords through phishing or trick users into giving up codes. Instead, they talked to a machine. By exploiting a flaw in Meta’s AI-powered support chatbot, attackers successfully hijacked dozens of high-profile accounts, including the archival Obama White House page, retail giant Sephora, and even the official account of the U.S. Space Force's Chief Master Sergeant, John Bentivegna.

The vulnerability was not a traditional data breach but rather a logic flaw in the automated account recovery system. Meta had recently rolled out an AI support assistant designed to help locked-out users regain access quickly. However, security researchers and malicious actors discovered that the chatbot lacked strict identity verification, allowing it to be manipulated into handing over control of any account—provided the attacker knew the target’s public username.

How the AI Exploit Actually Worked

The attack was surprisingly simple, relying on social engineering—except the target was an algorithm, not a person. First, hackers used a VPN to spoof the geographic location of the target user, tricking Meta’s basic security flags. Then, they initiated a chat with the AI support assistant, claiming to be the owner of a specific username (e.g., @Sephora) who had lost access to their email.

Because the system was designed to be helpful, the AI complied. It allowed the hacker to link a new, unauthorized email address to the target account. Once the new email was linked, password reset codes were sent directly to the attacker. The victim's original email address was completely removed from the account, locking them out instantly. Meta confirmed that the loophole was discovered on Friday, May 29, and an emergency patch was deployed. However, step-by-step instructions had already leaked on Telegram, leading to a wave of copycat attacks over the weekend.

  • Vulnerability: The AI chatbot was permitted to change an account's recovery email without performing strong identity checks.
  • Method: VPN location spoofing combined with a prompt injection loop.
  • Why 2FA Saved You: Users with app-based Two-Factor Authentication were protected because the hacker still needed the rotating code to complete the login, which the AI could not bypass.
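To make the logic flaw concrete, the following is an added illustration, not Meta's code; the account model, request fields and policy are assumptions. It contrasts a recovery assistant that honours a bare username claim with one that demands proof of possession over an existing channel before touching recovery contacts, and never removes the owner's address silently.

```python
from dataclasses import dataclass

@dataclass
class Account:
    username: str                  # public handle: all the attacker knew
    recovery_emails: list[str]     # current recovery contacts
    totp_enrolled: bool = False    # app-based 2FA, as in the article's note

@dataclass
class RecoveryRequest:
    username: str
    new_email: str
    old_email_confirmed: bool = False  # link sent to an existing recovery email was clicked
    totp_ok: bool = False              # a valid authenticator code was supplied

def flawed_assistant(acct: Account, req: RecoveryRequest) -> bool:
    """Models the flaw described above: a username claim suffices, the new
    address is linked at once and the owner's address is dropped."""
    if req.username != acct.username:
        return False
    acct.recovery_emails = [req.new_email]
    return True

def hardened_assistant(acct: Account, req: RecoveryRequest) -> tuple[bool, str]:
    """Hypothetical hardened policy: a recovery-contact change needs proof of
    possession; 'I lost my email' is a claim, not proof, so it is escalated."""
    if req.username != acct.username:
        return False, "unknown account"
    if acct.totp_enrolled and not req.totp_ok:
        return False, "authenticator code required"
    if not acct.totp_enrolled and not req.old_email_confirmed:
        return False, "no possession proof; escalate to manual identity review"
    # Keep the old address so the owner gets the change notice and can revert it.
    if req.new_email not in acct.recovery_emails:
        acct.recovery_emails.append(req.new_email)
    return True, "change recorded; existing contacts notified"

def attacker_scenario(totp_enrolled: bool) -> dict:
    """Replays the article's pretext against both flows on a constructed account."""
    req = RecoveryRequest("brandpage", "attacker@example.invalid")  # constructed
    a = Account("brandpage", ["owner@example.invalid"], totp_enrolled)
    b = Account("brandpage", ["owner@example.invalid"], totp_enrolled)
    return {
        "flawed_approved": flawed_assistant(a, req),
        "flawed_owner_kept": "owner@example.invalid" in a.recovery_emails,
        "hardened": hardened_assistant(b, req),
        "hardened_owner_kept": "owner@example.invalid" in b.recovery_emails,
    }
```

Running `attacker_scenario(False)` shows the flawed flow approving the swap and discarding the owner's address, while the hardened flow refuses and escalates; with `totp_enrolled=True` the hardened flow stops at the authenticator check.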

Was Your Data Leaked? (Two Different Incidents)

It is important to distinguish between the recent account takeover campaign and a separate data scrape from earlier in the year. In January 2026, cybersecurity firm Malwarebytes discovered a leak involving 17.5 million Instagram users on the dark web. That older incident exposed public information such as usernames, phone numbers, and email addresses—but critically, no passwords were included. Hackers used that leaked data to blast out automated, unsolicited password reset emails in an attempt to panic users.

In contrast, the May 2026 AI chatbot hack did not involve a database leak. No passwords, private messages, or financial data were taken from Meta’s servers. The only "data" exposed was the account recovery email address, which attackers swapped out to seize control. Once inside, the hackers posted unauthorized content—ranging from political propaganda on the Obama page to spam on Sephora’s profile—before Meta restored the affected accounts.

How to Secure Your Account Now

Meta spokesperson Andy Stone confirmed that the loophole has been fixed, and all compromised high-profile accounts have been restored. However, given the sophistication of these attacks, users should take proactive steps to ensure they are not vulnerable to the next exploit.

  • Enable App-Based 2FA (Not SMS): Go to your security settings and use an authenticator app like Google Authenticator or Duo. SMS codes can be intercepted; app-based codes cannot. Users with 2FA enabled were successfully protected from this specific exploit.
  • Review Your Connected Emails: Check your Accounts Center to ensure the primary email and phone number listed belong to you and have not been changed.
  • Use the Official Recovery Hub: If you suspect your account was compromised or you are receiving login alerts you don't recognize, visit the official Instagram Hacked Recovery Portal immediately.
  • Ignore Suspicious Reset Emails: If you get an unexpected password reset email, do not click the link. Go directly to Instagram or log in through the app to check your login activity.

The May 2026 incident serves as a clear warning: as platforms integrate generative AI into their core security infrastructure, new attack surfaces emerge. While AI can speed up customer service, it also requires rigorous guardrails. For now, the best defense remains offline—a strong, unique password and an authenticator app on a device you trust.


Emerald Pages is a publication of Emerald Book, Inc.
