Hackers took over multiple Instagram accounts this week by exploiting Meta's AI support chatbot — convincing it to reset passwords and reroute verification emails to attacker-controlled addresses. The breach bypassed two-factor authentication entirely. Among the targets: the Obama White House account, with 2.4 million followers, and the official Instagram of the Chief Master Sergeant of Space Force.
How the exploit worked
The hackers didn't need passwords or a token. They simply asked Meta's AI chatbot to reset a target account's password and told it to send the verification email to an address they controlled. Screen captures of the interaction circulated on Telegram and were reposted by users who replicated the attack on their own test accounts. The AI complied, handing over control of accounts that had 2FA enabled — a security layer that should have stopped the reset.
📊 Market Data Snapshot
Which accounts were hit
The Obama White House account posted a caption on Sunday reading: 'The White House is under Shiites' control.' The post was soon deleted. The Chief Master Sergeant of Space Force account was also compromised, though no posts appeared from it. Meta hasn't disclosed the total number of accounts affected, but the exploit appears to have worked against any account where the AI chatbot had authority to trigger a password reset.
Meta's response
Andy Stone, Meta's VP of Communications, acknowledged the issue publicly. He said the problem has been fixed and impacted accounts are being secured. He didn't detail what changed in the chatbot's logic or whether a human-in-the-loop has been introduced for sensitive actions like password resets.
Why crypto should care
The attack isn't crypto-specific, but the method is a blueprint that works on any platform using AI chatbots for account recovery — including centralized exchanges and wallet services. If a hacker can trick a bot into resetting a password on a crypto exchange, they could drain accounts in minutes, bypassing 2FA. The incident reinforces the fragility of Web2 authentication and strengthens the argument for self-custody and decentralized identity solutions. With the Fear & Greed index at 29 and Bitcoin down 2.93% in 24 hours, the market is already risk-off — but every centralized security failure nudges capital toward trustless alternatives.
Whether Meta has permanently locked down its AI support system against prompt-injection attacks — or if other tech giants will review their own chatbots — remains an open question.
