Find notable cyber news and cases, enriched with sources, timelines, and signals.

Instagram accounts for Obama White House hit by account takeover attack

Incident
First reported
Last updated
Happening score
H score 40
4 unique sources, 5 articles

Summary

Hide ▲

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced after attackers abused Meta’s AI support assistant to reset passwords, creating a public-facing account takeover risk. The reported workflow let the attacker link a new email address and receive a reset code, which enabled the hijack and message injection. Meta reportedly pushed an emergency patch, and the exploit reportedly failed when MFA was enabled.

Related Happenings

Instagram account data exposed through Meta HTS recovery flaw

Data Leak
H score40 First: 08.06.2026 11:00 Last: 08.06.2026 11:00 Sources 1

How related: Among the data exposed by the security snafu were: Contact information (email address and/or phone number) Date of birth Social media posts and content (photos, videos, stories) Direct messages and communications

About this happening: Instagram account data was exposed after a flaw in Meta’s High Touch Support (HTS) recovery flow let unauthorized third parties receive password reset links for 20,225 a...

Instagram High Touch Support password reset security flaw

Vulnerability
H score40 First: 08.06.2026 09:00 Last: 08.06.2026 09:00 Sources 1

How related: The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,

About this happening: Meta's High Touch Support (HTS) flaw enabled attackers to trigger Instagram password resets, creating account-takeover risk for over 20,000 users and weakening protect...

Meta AI-powered support tools abused in Instagram account recovery flow

Security Tool/Service
H score26 First: 02.06.2026 18:47 Last: 02.06.2026 18:47 Sources 1

How related: As BleepingComputer reported one week ago, the threat actors exploited a flaw in the company's High Touch Support (HTS) tool, an AI-assisted support system that helps users regain access after being locked out of their Instagram accounts.

About this happening: Instagram accounts were hijacked after attackers abused Meta’s AI-powered support tools to pass recovery checks and change the recovery email, creating a direct failure in...

Dashlane personal-plan users' encrypted vault exposure

Data Leak
H score26 First: 02.06.2026 06:55 Last: 02.06.2026 06:55 Sources 1

About this happening: On May 31, 2026, Dashlane disclosed that an external brute-force account attack led to encrypted vaults being downloaded for fewer than 20 personal-plan users, cre...

Kali365 Microsoft 365 device-code phishing campaign

Campaign
H score46 First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A Kali365 phishing campaign is targeting Microsoft 365 environments worldwide with device-code login lures, putting accounts at risk of token theft and MFA bypas...

Timeline

  1. 01.06.2026 20:32 3 articles · 1mo ago

    Telegram channels spread a Meta AI support assistant password-reset trick

    Initial Disclosure

    Telegram channels begin circulating instructions for abusing Meta’s AI support assistant during Instagram password resets by adding a new email address, creating a path to take over an account.

    Show sources
  2. 01.06.2026 20:32 4 articles · 1mo ago

    Obama White House and U.S. Space Force Instagram accounts are briefly defaced

    Victim Impact Update

    The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force are briefly defaced with pro-Iranian images and messages after the password-reset abuse path is used, and Meta reportedly pushes an emergency patch while saying no back-end database was breached.

    Show sources