Think of it like convincing a locksmith that you own the house by simply talking fast enough. That’s essentially what hackers did to Meta’s AI-powered Instagram support chatbot over the weekend of May 30 to June 1, tricking it into handing over the keys to several high-profile accounts.

The compromised accounts included the Instagram archive of the Obama-era White House, beauty retailer Sephora, Chief Master Sergeant John Bentivegna of the US Space Force, and, in a particularly ironic twist, prominent cybersecurity researcher Jane Manchun Wong. Meta has confirmed the exploit and says it has patched the vulnerability and secured the affected accounts.

How the exploit actually worked

The hackers instructed Meta’s AI chatbot to modify the email addresses associated with targeted accounts. In English: they told the bot to swap in attacker-controlled email addresses, then used standard password reset flows to gain full control. The bot apparently complied, generating verification codes and processing the changes without adequate identity checks.

The most alarming detail is that the exploit bypassed two-factor authentication entirely. When an AI assistant can be sweet-talked into circumventing it, that’s not a minor bug. That’s a fundamental design flaw.

Meta reported that no data exfiltration or backend database compromise occurred during the incident. The vulnerability was fixed shortly after discovery.

The AI autonomy problem

Meta had broadened the rollout of its AI assistant in March 2026, just a few months before hackers found a way to weaponize it. The system was designed to enhance customer support by providing faster, automated solutions to common account issues.

The AI chatbot had the authority to change email addresses tied to accounts. It just didn’t have the judgment to question whether the person asking was actually the account owner.

The fact that Jane Manchun Wong, a well-known figure in the security research community who has previously uncovered unreleased features in apps, was among those compromised adds a layer of irony. If someone whose career revolves around finding vulnerabilities in tech platforms can have their account hijacked by a chatbot exploit, the average user doesn’t stand a chance.

What this means for investors and the crypto market

For Meta specifically, the reputational hit is manageable but notable. The company has been positioning AI as central to its future revenue strategy, and a breach that stems directly from AI autonomy undermines that narrative. Three months from expanded rollout to major exploit is not a comforting timeline.

For the crypto industry, the lesson is particularly pointed. Crypto platforms are increasingly adopting AI for customer support, fraud detection, and even transaction processing. Unlike a hijacked Instagram account, which Meta can restore, stolen crypto doesn’t come back.