Instagram Takeovers Exposed a New Weak Point: AI Support
Post by @TrendFlashNow

Attackers reportedly abused Meta’s AI support assistant to change account recovery details, turning a help flow into a path for Instagram takeovers.

Instagram has resolved a security issue that reportedly let attackers take over accounts by persuading Meta’s AI-powered support assistant to add a new email address to a target account.

The reports, detailed by TechCrunch after a wave of user complaints between June 1 and June 4, 2026, described a takeover method that did not start with a stolen password. Instead, the weak point appeared to be the recovery process itself: attackers allegedly used Meta’s support chatbot to change where account reset messages were sent, then reset the password and locked out the rightful owner.

Meta said the issue was fixed, and impacted users began receiving warnings. But for creators, public figures, and businesses that rely on Instagram handles as working assets, the incident is a useful warning: account recovery tools are no longer just a safety net. If designed poorly, they can become an attack surface.

What reportedly happened

Several Instagram users reported account compromises over the weekend, with discussions appearing on Reddit and X. TechCrunch reported that affected accounts included the Instagram handle for the Obama-era White House, apparently inactive since 2017, and the account of U.S. Space Force Chief Master Sergeant John Bentivegna.

Security researcher Jane Wong also said her Instagram account was taken over. According to her description, the password was changed without her knowledge, alongside repeated password reset attempts.

The most concerning detail was the alleged method. A video posted on X appeared to show a step-by-step account takeover in which the attacker used a VPN to appear closer to the target’s presumed location, then contacted Meta’s AI Support Assistant. The attacker asked the bot to add a new email address to the victim’s Instagram account.

The chatbot then appeared to send a verification code to the email supplied by the attacker. After the attacker gave that code back to the bot, the flow exposed a password reset option. From there, the attacker could set a new password and take control of the account.

TechCrunch said it verified that the public email inbox shown in the video did receive the verification code. That does not prove every reported account compromise used exactly the same route, but it supports the central concern: the support workflow appeared to trust the wrong proof.

Why the recovery flow matters

Most users think of account security as a password problem. Use a strong password, avoid phishing, enable two-factor authentication, and the account should be safer.

This incident points to a different class of risk. An attacker may not need to know the password if they can convince an automated support system to change the account’s recovery destination. Once the recovery email is changed, the password reset process can become a formality.

That is why this kind of flaw is so damaging for social platforms. Support systems exist to help legitimate users recover accounts when something goes wrong. They often need to handle messy cases: lost email access, changed phone numbers, broken authenticator apps, business accounts with former employees, and users who cannot pass the normal checks.

AI support makes that tension sharper. A human support agent can make mistakes, but an automated assistant can potentially apply the same mistake at scale, quickly and consistently, if its guardrails are too permissive. In account recovery, convenience and security are often in direct conflict.

A concrete example for creators

Consider a small fitness creator whose Instagram account drives class bookings, affiliate sales, and direct messages with clients. The creator may have a strong password and two-factor authentication enabled, but the business still depends on one public handle.

If an attacker can get a support assistant to attach a new email address to that account, the creator’s visible security habits may not matter much in the moment. The attacker can reset the password, change profile details, contact followers, or demand payment for return of the account. Even if the platform later restores access, the creator loses time, trust, and revenue during the outage.

That is the practical lesson here. For many Instagram users, the account is not just a login. It is a customer channel, a reputation record, and in some cases a revenue stream. Recovery systems need to treat it that way.

What users should check now

Meta said the issue has been fixed, so this is not a reason to panic-delete accounts or assume every recovery flow is broken. It is a reason to audit the parts of account security people tend to ignore until after something goes wrong.

  • Review recovery email and phone numbers: Make sure they are current, secure, and controlled by you or your organization.
  • Enable multiple safeguards: Use two-factor authentication, preferably through an authenticator app or hardware security key where available.
  • Check login alerts: Treat unexpected password reset emails, login warnings, or recovery messages as urgent signals.
  • Separate business access: For brand accounts, avoid relying on one person’s personal inbox or phone number as the only recovery path.
  • Document ownership: Businesses and creators should keep clean records of account ownership, associated domains, and platform contacts in case recovery is needed.

None of these steps can fix a platform-side support flaw by themselves. They do reduce the number of weak links an attacker can exploit, and they make legitimate recovery easier if an account is challenged.

The bigger platform lesson

AI support is attractive because platforms operate at a scale where human-only support is expensive and slow. For routine questions, automated help can be useful. But account recovery is not a routine question when the requested change alters ownership signals.

The reported Instagram issue shows why platforms need stricter separation between low-risk support tasks and high-risk account actions. A chatbot can answer questions about settings. It should face much higher barriers before it can help change a recovery email, trigger a password reset, or override normal account protections.

Location spoofing is another important detail. The alleged attacker used a VPN to appear near the target’s presumed location, apparently to avoid automated protections. That suggests platforms cannot rely too heavily on location as a sign of legitimacy, especially when account changes are being requested through support channels.

The hard part is designing recovery that still works for real users. People do lose access to old inboxes. Employees leave companies. Creators change managers. Public figures have teams. A platform that makes recovery impossible creates its own harm. But a platform that lets automated support accept weak proof creates a different harm: the recovery door becomes the easiest door to attack.
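To make the separation between low-risk support tasks and high-risk account actions concrete, here is an added illustration in Python; it is not Meta's code and the action names, account fields and gate functions are hypothetical. It contrasts a gate that accepts a code answered from the newly supplied address (the pattern the reports describe) with one that only accepts proof from a channel the account already had verified, ignores location, and escalates accounts with no usable existing channel to human review instead of letting the assistant decide.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Set, Tuple

class Risk(Enum):
    LOW = "low"    # e.g. explain a setting; the assistant may answer directly
    HIGH = "high"  # alters ownership signals; needs step-up verification

# Hypothetical catalogue of support actions and their risk tier.
ACTION_RISK = {
    "explain_setting": Risk.LOW,
    "add_recovery_email": Risk.HIGH,
    "trigger_password_reset": Risk.HIGH,
}

@dataclass
class Account:
    verified_emails: Set[str]
    verified_phones: Set[str]

@dataclass
class Request:
    action: str
    new_email: Optional[str] = None
    location_matches: bool = False      # what a VPN can fake
    proof_channel: Optional[str] = None  # channel the one-time code was sent to and answered from

def weak_gate(req: Request, acct: Account) -> bool:
    """Reported failure pattern: a code sent to the caller-supplied address
    is accepted as proof of ownership. It only proves control of the NEW address."""
    if ACTION_RISK[req.action] is Risk.LOW:
        return True
    return req.proof_channel is not None and req.proof_channel == req.new_email

def hardened_gate(req: Request, acct: Account) -> Tuple[bool, str]:
    """High-risk actions require a code answered from an already-verified channel.
    location_matches is deliberately never consulted as evidence."""
    if ACTION_RISK[req.action] is Risk.LOW:
        return True, "low-risk: assistant may answer"
    existing = acct.verified_emails | acct.verified_phones
    if not existing:
        # Real users do lose old inboxes; that case leaves the bot entirely.
        return False, "escalate to manual review: no existing verified channel"
    if req.proof_channel not in existing:
        return False, "denied: code must be answered from an existing verified channel"
    return True, "step-up satisfied via existing verified channel"
```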

What to watch next

The immediate question is whether Meta’s fix only closed this specific chatbot flow or whether it changed the broader rules around AI-assisted account recovery. The more durable fix would be procedural, not just technical: tighter verification before recovery details can be changed, stronger review for high-profile or high-risk accounts, and clearer alerts when ownership signals are modified.

Creators and businesses should also watch whether Instagram sends more detailed notices to affected users. A warning that an issue occurred is helpful, but account owners need to know what changed, when it changed, and which recovery methods should be reviewed.

The incident is not just about Instagram. Any platform adding AI support to sensitive account workflows faces the same test. The more capable the assistant becomes, the more carefully its permissions need to be limited. In customer support, helpfulness is a product feature. In account recovery, unchecked helpfulness can become the vulnerability.