HeadlinesBriefing.com

AI Bot Enables Instagram Takeover

Hacker News

Meta's AI support bot allowed hackers to hijack high-value Instagram accounts including the Obama White House and U.S. Space Force accounts by tricking the AI into resetting passwords. The exploit involved using a VPN near the target's location, requesting a password reset, then convincing the AI assistant to link accounts to new email addresses.

Attackers defaced accounts with pro-Iranian messages and allegedly stole valuable Instagram usernames worth over $500,000. Meta has patched the vulnerability and secured impacted accounts, confirming no backend databases were breached. The attack only succeeded on accounts without multi-factor authentication.

Security experts warn that AI chatbots create new attack surfaces as platforms automate sensitive operations. Instagram's poor human support led it to deploy the AI assistant, but AI assistants remain as vulnerable to social engineering as human staff. This incident demonstrates the security risks of letting AI handle account recovery.