Attackers social-engineer Meta's AI support chatbot into resetting Instagram passwords

Over the weekend of 31 May–1 June, instructions circulated on Telegram showing how to coax Meta's conversational "AI support assistant" into linking an attacker-controlled email to a target Instagram account and triggering a password reset, bypassing Instagram's normal account-recovery friction (Krebs on Security, 2026-06-01 · TechCrunch, 2026-06-01). Pro-Iranian actors used the method to briefly deface high-profile accounts, including the archived Obama White House handle and that of the Chief Master Sergeant of the U.S. Space Force. The exploit reportedly failed against any account with MFA enabled; Meta said the issue was resolved by 1 June.