Instagram accounts for Obama White House hit by account takeover attack
Incident
Summary
Hide ▲
Show ▼
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced after attackers abused Meta’s AI support assistant to reset passwords, creating a public-facing account takeover risk. The reported workflow let the attacker link a new email address and receive a reset code, which enabled the hijack and message injection. Meta reportedly pushed an emergency patch, and the exploit reportedly failed when MFA was enabled.
Related Happenings
Instagram account data exposed through Meta HTS recovery flaw
Data Leak
H score40
First: 08.06.2026 11:00
Last: 08.06.2026 11:00
Sources 1
How related:
Among the data exposed by the security snafu were:
Contact information (email address and/or phone number)
Date of birth
Social media posts and content (photos, videos, stories)
Direct messages and communications
About this happening:
Instagram account data was exposed after a flaw in Meta’s High Touch Support (HTS) recovery flow let unauthorized third parties receive password reset links for 20,225 a...
Instagram account data exposed through Meta HTS recovery flaw
Data LeakHow related: Among the data exposed by the security snafu were: Contact information (email address and/or phone number) Date of birth Social media posts and content (photos, videos, stories) Direct messages and communications
About this happening: Instagram account data was exposed after a flaw in Meta’s High Touch Support (HTS) recovery flow let unauthorized third parties receive password reset links for 20,225 a...
Instagram High Touch Support password reset security flaw
Vulnerability
H score40
First: 08.06.2026 09:00
Last: 08.06.2026 09:00
Sources 1
How related:
The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,
About this happening:
Meta's High Touch Support (HTS) flaw enabled attackers to trigger Instagram password resets, creating account-takeover risk for over 20,000 users and weakening protect...
Instagram High Touch Support password reset security flaw
VulnerabilityHow related: The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,
About this happening: Meta's High Touch Support (HTS) flaw enabled attackers to trigger Instagram password resets, creating account-takeover risk for over 20,000 users and weakening protect...
Meta AI-powered support tools abused in Instagram account recovery flow
Security Tool/Service
H score26
First: 02.06.2026 18:47
Last: 02.06.2026 18:47
Sources 1
How related:
As BleepingComputer reported one week ago, the threat actors exploited a flaw in the company's High Touch Support (HTS) tool, an AI-assisted support system that helps users regain access after being locked out of their Instagram accounts.
About this happening:
Instagram accounts were hijacked after attackers abused Meta’s AI-powered support tools to pass recovery checks and change the recovery email, creating a direct failure in...
Meta AI-powered support tools abused in Instagram account recovery flow
Security Tool/ServiceHow related: As BleepingComputer reported one week ago, the threat actors exploited a flaw in the company's High Touch Support (HTS) tool, an AI-assisted support system that helps users regain access after being locked out of their Instagram accounts.
About this happening: Instagram accounts were hijacked after attackers abused Meta’s AI-powered support tools to pass recovery checks and change the recovery email, creating a direct failure in...
Dashlane personal-plan users' encrypted vault exposure
Data Leak
H score26
First: 02.06.2026 06:55
Last: 02.06.2026 06:55
Sources 1
About this happening:
On May 31, 2026, Dashlane disclosed that an external brute-force account attack led to encrypted vaults being downloaded for fewer than 20 personal-plan users, cre...
Dashlane personal-plan users' encrypted vault exposure
Data LeakAbout this happening: On May 31, 2026, Dashlane disclosed that an external brute-force account attack led to encrypted vaults being downloaded for fewer than 20 personal-plan users, cre...
Kali365 Microsoft 365 device-code phishing campaign
Campaign
H score46
First: 25.05.2026 15:45
Last: 25.05.2026 15:45
Sources 1
About this happening:
A Kali365 phishing campaign is targeting Microsoft 365 environments worldwide with device-code login lures, putting accounts at risk of token theft and MFA bypas...
Kali365 Microsoft 365 device-code phishing campaign
CampaignAbout this happening: A Kali365 phishing campaign is targeting Microsoft 365 environments worldwide with device-code login lures, putting accounts at risk of token theft and MFA bypas...
Timeline
-
01.06.2026 20:32 3 articles · 1mo ago
Telegram channels spread a Meta AI support assistant password-reset trick
Initial DisclosureTelegram channels begin circulating instructions for abusing Meta’s AI support assistant during Instagram password resets by adding a new email address, creating a path to take over an account.
Show sources
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts — krebsonsecurity.com — 01.06.2026 20:32
- Instagram users locked out after Meta AI abused to steal accounts — www.bleepingcomputer.com — 02.06.2026 18:47
- Meta AI Bug Exposes Over 20,000 Instagram Accounts — www.infosecurity-magazine.com — 08.06.2026 11:00
-
01.06.2026 20:32 4 articles · 1mo ago
Obama White House and U.S. Space Force Instagram accounts are briefly defaced
Victim Impact UpdateThe Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force are briefly defaced with pro-Iranian images and messages after the password-reset abuse path is used, and Meta reportedly pushes an emergency patch while saying no back-end database was breached.
Show sources
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts — krebsonsecurity.com — 01.06.2026 20:32
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts — krebsonsecurity.com — 01.06.2026 20:32
- Over 20,000 Instagram accounts stolen in Meta AI support hack — www.bleepingcomputer.com — 08.06.2026 09:00
- Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse — www.securityweek.com — 08.06.2026 09:41