First global incident with AI: Attackers exploited Meta AI Support Bot to reset Instagram passwords. π€β’β’β’β’ππΎπ€
On June 1, 2026, we learned that there had been a serious breach at Instagram. Now we know that the problem was with the Meta AI Support Assistant, which had direct access to password reset functions and a security flaw. And no human in the loop.
As a result, anyone could take over any Instagram account where MFA was not enabled. Scary, but expected - and predicted by many quite some time ago.
What Iβve learned from this incident:
1οΈβ£ AI vulnerabilities have no barrier to exploitation and require no special knowledge - once you know the right words, anyone can exploit them.
2οΈβ£ Even companies that build AI face challenges not only in protecting it, but also in understanding its real-world security risks.
3οΈβ£ The next couple of years will be fun... I hope your organization is ready.
A couple of days ago, Meta updated the public that the problem had been fixed. Many affected Instagram accounts remain suspended, so I assume the investigation is still ongoing.
Hopefully, Meta will release some insights soon. Meanwhile - enable 2FA and stay closer to humans!!
More details:
Reuters [Post]: https://www.reuters.com/legal/government/high-profile-meta-ai-chatbot-breach-spotlights-security-risks-automation-2026-06-03/
The Guardian [Post]: https://www.theguardian.com/technology/2026/jun/01/meta-ai-hack-obama-sephora-instagram
TechCrunch [Post]: https://techcrunch.com/2026/06/03/instagram-is-alerting-users-who-were-targeted-by-hackers-during-ai-chatbot-attacks/
