Your privacy choices

We use analytics to improve Pollar and, with your consent, marketing tools (Meta, X) to measure our ads. You can change this anytime in Settings.

Privacy policy
Pollar
HomeAskLiveSearchMapMarketsNotificationsFor You
BriefThreadsMarkets
Privacy

Today’s Brief

Hormuz, Kyiv and 600 AQI

Trump escalates Iran war as smoke chokes America and Kyiv's reshuffle erupts

The day brought hard power, bad air and brittle politics. Washington and Tehran widened their exchange, Ukraine's wartime leadership cracked in public, and North America counted the health cost of fire and flood.

Read the Brief
Reader-supported

Free to read, and staying that way

No ads. Membership keeps Pollar independent.

Support Pollar
Membership

Members don't see this panel.

  • Supporter$29.99/yr
  • Founder$69.99/yr
Support Pollar

Live now

All live coverage
  • Magnitude 7.4 earthquake strikes Mexico

    Strikes off the coast of Mexico with a magnitude of 7.4, triggering a tsunami warning for nearby coastal areas.

In the spotlight

All threads

European Union · Updated 5h ago

Important

The Green Deal under revision

The European Commission's proposed ETS overhaul fundamentally alters the pace of decarbonisation and the phase-out of free allowances, impacting industrial competitiveness and the broader climate framework.

HomeBriefThreadsAsk
Categories
© Libertatea
AI & Tech·Jun 2

Meta AI support chatbot tricked into handing over Instagram accounts with a single request

A vulnerability in Meta's AI-powered support assistant allowed attackers to take over high-profile Instagram accounts simply by asking the chatbot to change the associated email address, bypassing passwords and two-factor authentication.

A critical security flaw in Meta's AI support chatbot enabled hackers to hijack dozens of Instagram accounts, including verified profiles belonging to a former US president's archived White House page, a senior US Space Force commander, and the cosmetics retailer Sephora. The exploit, first reported by 404 Media, required no password or two-factor authentication code from the original owner.

How the exploit worked

Attackers initiated Instagram's account recovery process and contacted the Meta AI support assistant. They requested the bot link a new email address to the target account. The AI complied, sending a verification code to the attacker-controlled email. Once verified, the system issued a password reset link, locking out the legitimate owner. The only technical hurdle was location: the bot checks whether a request originates from the account's familiar region. Hackers circumvented this by using a VPN to spoof their location. In some cases where the bot requested a selfie for verification, attackers used another AI tool to generate a fake image of the supposed account holder.

The dumbest security vulnerability I have ever seen.

— Siddharth Sundharam

Step-by-step tutorials and videos demonstrating the method circulated in Telegram hacking groups over the past weekend. One video shared by cybersecurity researcher Dark Web Informer on X showed the entire process, from searching for a target username to receiving the password reset link.

High-profile targets compromised

Among the compromised accounts was the archived Instagram profile of the White House from Barack Obama's administration, which had been inactive since 2017. After the takeover, the account posted pro-Iranian propaganda. The account of Chief Master Sergeant of the Space Force John F. Bentivegna was also hijacked and used to disseminate pro-Iranian and anti-American content. Bentivegna later warned followers on Facebook not to interact with the posts.

Experiences like this make it clear that cybersecurity is not just a corporate issue, but something we all deal with in our daily lives.

— John F. Bentivegna

Other victims included the Sephora account, security researcher and former Meta employee Jane Manchun Wong, developer Albert Renshaw, and numerous users with coveted short usernames, which can fetch hundreds of thousands of dollars on the black market. Wong reported that her password was changed without her knowledge and she received multiple unauthorized reset attempts.

My password got changed without my knowledge and I was getting different password reset attempts throughout yesterday. Quite concerning.

— Jane Manchun Wong

Support independent Pollar

Supporter and Founder memberships keep every article free to read, and add offline reading, audio, and a sponsor-free brief.

See membership tiers

Victims locked out with no human recourse

Affected users found themselves in a Kafkaesque loop. The same AI system that facilitated the hijacking was their only available support channel, and it proved incapable of restoring access. One victim, the owner of the @korn account, described spending six hours trying to get help, only to receive four broken links from Meta's support AI. The account had been secured with Meta Verified and a facial recognition scan, neither of which prevented the takeover.

An AI stole my account, another AI can't fix it — zero humans in the loop anywhere.

— @korn user on X

Tech author Gergely Orosz noted on X that Meta's trust and safety team at Instagram had been "completely hollowed out" recently, a potential contributing factor. The incident coincides with massive workforce cuts at Meta amid billions of dollars in AI spending.

Meta's response

Meta spokesperson Andy Stone confirmed the issue had been resolved and that the company was securing impacted accounts. He disputed claims that the vulnerability was used to hack accounts of world leaders, calling such reports "totally false." The company had launched the AI support assistant in March, promoting it as a tool that could help prevent account takeovers. An independent EU dispute resolution body noted last week that Meta virtually never responds when it raises cases of users who say they have been wrongly banned.

Timeline of the Meta AI Instagram vulnerability
  1. Dec 1, 2025Meta launches AI-powered support chatbot with account recovery and password reset capabilities
  2. Mar 1, 2026Meta announces expansion of AI support to handle all customer inquiries including sensitive account functions
  3. May 30, 2026Tutorials and videos demonstrating the exploit begin circulating in Telegram hacking groups
  4. Jun 1, 2026404 Media first reports the vulnerability; multiple high-profile account takeovers confirmed
  5. Jun 2, 2026Meta spokesperson Andy Stone confirms the issue is resolved and impacted accounts are being secured
Menlo Park
Andy StoneJane Manchun WongJohn F. BentivegnaBarack ObamaSiddharth SundharamAlbert RenshawGergely Orosz
Barack Obama

8 sources

  • Vulnerabilitate gravă în Meta AI: cum "sparg" hackerii conturi de Instagram fără să aibă nevoie de parolă
    Libertatea·Jun 2
  • Hacker kapern Instagram-Konten mit nur einem Satz
    Blick.ch·Jun 2
  • Un fallo de seguridad de Meta AI ha facilitado el robo de varias cuentas de alto perfil en Instagram
    20 minutos·Jun 2
  • Chatbot gab Hackern Zugriff auf prominente Instagram-Accounts
    newsORF.at·Jun 2
  • Meta AI chatbot enabled hackers to access others' Instagram accounts
    BBC·Jun 2
  • Meta AI chatbot enabled hackers to access others' Instagram accounts
    BBC·Jun 2
  • KI als Sicherheitslücke: Wie der Chatbot von Meta Angreifern fremde Accounts öffnete
    Spiegel Online·Jun 2
  • Il suffisait de demander: comment le chatbot d'assistance de Meta IA a aidé des pirates à voler des comptes Instagram... sans même avoir accès aux mails de leurs propriétaires
    BFMTV·Jun 2

Get Pollar Weekly

The week in news, every Friday. Free.

Free. No ads. Unsubscribe anytime.

More from Society & Science
AI-generated·Learn how
Safety·11m ago
© ANSA.it

Magnitude 7.4 earthquake strikes off Mexico's Chiapas coast, tsunami warnings issued for Mexico and Guatemala

A shallow magnitude 7.4 earthquake struck near Puerto Madero in Mexico's southern Chiapas state on Friday, prompting the US Tsunami Warning System to issue a tsunami threat for Mexico and Guatemala.

Read article
AI & Tech·4h ago
© Xataka

Moonshot unveils Kimi K3, a 2.8-trillion-parameter open model that narrows the gap with US frontier AI

The Beijing startup claims its new system outperforms several top-tier US models on coding and complex tasks, though independent verification of the weights is still two weeks away.

Read article
Discoveries·from Jul 17·upd. 8h ago
© ANSA.it

SpaceX aborts Starship test flight at ignition: two Raptors to be replaced, new attempt next week

The abort at Starbase, Texas, marks the first Starship attempt since the company’s record Wall Street debut in June. Elon Musk said two engines would be replaced, with a retry expected early in the week of July 20.

Read article