Meta AI-powered support tools abused in Instagram account recovery flow
Security Tool/Service
Summary
Hide ▲
Show ▼
Instagram accounts were hijacked after attackers abused Meta’s AI-powered support tools to pass recovery checks and change the recovery email, creating a direct failure in automated identity verification. The abuse reportedly leveraged selfie verification and AI-generated video and could bypass 2FA, leaving victims stuck in AI-only support loops with no human escalation. Reported targets included a White House team account, Jane Manchun Wong, @hey, and @korn, and Meta said the issue had been resolved and impacted accounts were being secured.
Related Happenings
Anthony Belford spoofed-account harassment campaign against a Georgia college student
Campaign
H score35
First: 19.06.2026 11:44
Last: 19.06.2026 11:44
Sources 1
About this happening:
The alleged spoofed-account harassment campaign against a Georgia college student has been tied to repeated use of fake social profiles and email to spread AI-generated...
Anthony Belford spoofed-account harassment campaign against a Georgia college student
CampaignAbout this happening: The alleged spoofed-account harassment campaign against a Georgia college student has been tied to repeated use of fake social profiles and email to spread AI-generated...
Instagram account data exposed through Meta HTS recovery flaw
Data Leak
H score40
First: 08.06.2026 11:00
Last: 08.06.2026 11:00
Sources 1
How related:
Among the data exposed by the security snafu were:
Contact information (email address and/or phone number)
Date of birth
Social media posts and content (photos, videos, stories)
Direct messages and communications
About this happening:
Instagram account data was exposed after a flaw in Meta’s High Touch Support (HTS) recovery flow let unauthorized third parties receive password reset links for 20,225 a...
Instagram account data exposed through Meta HTS recovery flaw
Data LeakHow related: Among the data exposed by the security snafu were: Contact information (email address and/or phone number) Date of birth Social media posts and content (photos, videos, stories) Direct messages and communications
About this happening: Instagram account data was exposed after a flaw in Meta’s High Touch Support (HTS) recovery flow let unauthorized third parties receive password reset links for 20,225 a...
Instagram High Touch Support password reset security flaw
Vulnerability
H score40
First: 08.06.2026 09:00
Last: 08.06.2026 09:00
Sources 1
How related:
The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,
About this happening:
Meta's High Touch Support (HTS) flaw enabled attackers to trigger Instagram password resets, creating account-takeover risk for over 20,000 users and weakening protect...
Instagram High Touch Support password reset security flaw
VulnerabilityHow related: The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,
About this happening: Meta's High Touch Support (HTS) flaw enabled attackers to trigger Instagram password resets, creating account-takeover risk for over 20,000 users and weakening protect...
Dashlane personal-plan users' encrypted vault exposure
Data Leak
H score26
First: 02.06.2026 06:55
Last: 02.06.2026 06:55
Sources 1
About this happening:
On May 31, 2026, Dashlane disclosed that an external brute-force account attack led to encrypted vaults being downloaded for fewer than 20 personal-plan users, cre...
Dashlane personal-plan users' encrypted vault exposure
Data LeakAbout this happening: On May 31, 2026, Dashlane disclosed that an external brute-force account attack led to encrypted vaults being downloaded for fewer than 20 personal-plan users, cre...
Instagram accounts for Obama White House hit by account takeover attack
Incident
H score40
First: 01.06.2026 20:32
Last: 01.06.2026 20:32
Sources 1
How related:
Multiple Instagram users had their accounts hijacked after attackers convinced Meta’s AI-powered support tools that they were the legitimate owners.
About this happening:
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced after attackers abused Meta’s AI supp...
Instagram accounts for Obama White House hit by account takeover attack
IncidentHow related: Multiple Instagram users had their accounts hijacked after attackers convinced Meta’s AI-powered support tools that they were the legitimate owners.
About this happening: The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced after attackers abused Meta’s AI supp...
Timeline
-
02.06.2026 18:47 5 articles · 1mo ago
Instagram account takeovers exploit Meta AI support tools
Initial DisclosureAttackers abused Meta’s AI-powered support tools in Instagram account recovery to convince the system they were the legitimate owners, change the associated email address, and reset access, leaving multiple users locked out of rare or high-value accounts including one previously used by the Obama White House team, one belonging to app researcher Jane Manchun Wong, @hey, and @korn; Meta’s vice president of communications said the issue had been resolved and impacted accounts were being secured.
Show sources
- Instagram users locked out after Meta AI abused to steal accounts — www.bleepingcomputer.com — 02.06.2026 18:47
- Instagram users locked out after Meta AI abused to steal accounts — www.bleepingcomputer.com — 02.06.2026 18:47
- Over 20,000 Instagram accounts stolen in Meta AI support hack — www.bleepingcomputer.com — 08.06.2026 09:00
- Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse — www.securityweek.com — 08.06.2026 09:41
- Meta AI Bug Exposes Over 20,000 Instagram Accounts — www.infosecurity-magazine.com — 08.06.2026 11:00