Meta's AI Customer Support Agent Exploited to Hijack Instagram Accounts, Including Obama White House Profile
Attackers exploited Meta's AI customer support agent to take over Instagram accounts by simply asking it to reassign accounts to attacker-controlled email addresses. The vulnerability, first reported by 404 Media on June 5, allowed hackers to compromise high-profile accounts including the dormant Obama White House account, which was used to post pro-Iran content. The incident highlights a broader security gap in AI agent deployment, where flexible, task-oriented systems can be manipulated in ways traditional software and human agents would not allow.
Attackers discovered they could hijack Instagram accounts by directly instructing Meta's AI customer support agent to link those accounts to email addresses under their control, with the agent complying without adequate verification. Among the compromised accounts was the dormant Obama White House Instagram profile, which was used to post pro-Iran content, while other attackers targeted accounts with valuable single-word handles, likely for resale. The only technical hurdle involved using a VPN matching the legitimate account owner's location. Security researchers and academics expressed surprise at the simplicity of the exploit, noting it should have been caught during pre-deployment testing. Meta confirmed on Monday via a spokesperson on X that the vulnerability had been resolved, though the company has not publicly explained how it was missed. Experts warn the incident reflects a systemic challenge with AI agents: unlike traditional software, they respond flexibly to novel inputs, making them useful but also susceptible to manipulation that humans or rule-based systems would naturally resist. Researchers have long flagged such vulnerabilities, including indirect prompt injection attacks, but this case required no such sophistication.
What's missing
Coverage largely omits details about how many accounts were ultimately compromised and whether affected users were notified or had their accounts restored. The broader question of regulatory oversight or liability for AI agent failures in consumer-facing products also receives little attention.
How coverage differed
MIT Technology Review framed the story primarily as a systemic AI security issue affecting the broader industry, using Meta as a case study rather than focusing on corporate negligence. Coverage that originated from 404 Media, a tech-focused outlet, broke the story with more emphasis on the specific incident and its victims, while MIT Technology Review contextualized it within ongoing academic and policy debates about AI agent security.
What different sources said
- MIT Technology ReviewCenter
The Meta hack shows there’s more to AI security than Mythos
Related
Advanced Headlight Technology Legal in Europe and Canada Remains Banned in the United States
Adaptive driving beam (ADB) headlights that reduce glare by automatically dimming when detecting oncoming vehicles are widely used in Europe, Asia, and Canada but remain illegal in the United States despite being technically available in American vehicles. The technology uses LED pixels to intelligently adjust light patterns, addressing widespread complaints about increasingly bright headlights from modern SUVs and pickup trucks. The ban stems from outdated U.S. regulations requiring separate low and high beams, which the National Highway Traffic Safety Administration declined to update to international standards even after Congress authorized changes in 2021.
Linux Kernel Logic-Inversion Bug Enables Local Privilege Escalation Across Major Distributions
A single-character logic-inversion bug (CVE-2026-23111) in the Linux kernel was discovered in early 2025, allowing local privilege escalation and potential full device takeover with a severity score of 7.8/10. The vulnerability affects major Linux distributions including Debian, Ubuntu, and Red Hat Enterprise Linux, though exploitation requires specific conditions including nf_tables enabled and unprivileged user namespaces. The discovery highlights a broader surge in Linux kernel vulnerabilities and strains on maintainers dealing with AI-generated bug reports.
Nintendo Confirms Legend of Zelda: Ocarina of Time Remake Coming in 2026
Nintendo of America released a teaser trailer confirming a remake of The Legend of Zelda: Ocarina of Time is in development with a 2026 release window. The original N64 game, released nearly 30 years ago, is considered one of the greatest video games ever made and has never received a full HD remake for modern consoles. The announcement addresses long-standing fan demand for a next-generation version of the classic title.