Space Force Chief’s Instagram Hacked by Iran-Linked Hackers, June 02

Hackers linked to Iran breached the Instagram account of Chief Master Sgt. John Bentivegna, the top enlisted guardian in the US Space Force, on May 31 and posted pro-Iran propaganda videos for several hours. The attack also compromised the dormant Obama White House Instagram account. Security researchers traced the breach to a flaw in Meta’s AI support assistant that allowed attackers to reset account passwords without proper verification.

How the Hack Worked

Pro-Iran hackers exploited a vulnerability in Meta’s AI support bot to gain access to high-profile accounts. According to security researchers, attackers used a VPN connection matching the target’s hometown, requested a password reset, and then instructed Meta’s AI bot to link the account to a new email address. The bot sent a one-time code to that email, allowing full account takeover. Meta pushed an emergency patch over the weekend and confirmed no backend database was breached.

What Was Posted on Bentivegna’s Account

The hacked account displayed multiple pro-Iran videos and anti-US messages over several hours on May 31. One video used audio from “Hanoi Hannah,” a Vietnam War propagandist, telling US soldiers to “leave a sinking ship.” The posts also featured images of late Iranian security official Ali Larijani, who was killed weeks into the US-Israel-Iran war. Bentivegna warned colleagues not to click links or engage with the hacked content.

Broader Cyber Threats Against US Military

The breach reflects a pattern of escalating cyber attacks on US military personnel during the conflict with Iran. US Central Command reported receiving multiple threat reports about adversaries exploiting commercial location data to target or surveil US personnel in the Middle East. In late April, suspected Iranian hackers sent threatening text messages to US Marine Corps personnel and their families. Military leaders have repeatedly warned troops that their phones and online accounts could become targets during wartime.

Meta’s Response and Security Implications

Meta confirmed the breach and removed all unauthorized posts within hours. The company stated it secured impacted accounts and pushed an emergency patch to prevent further exploitation. However, the incident exposed a significant vulnerability in Meta’s customer support system. Security researchers noted that hackers also targeted valuable short Instagram account names with resale values exceeding half a million dollars, suggesting the exploit was widely shared on hacker forums.

Final Thoughts

The breach exposes a critical vulnerability in Meta’s AI support system and demonstrates how easily high-profile accounts can be compromised during wartime. US military personnel remain at heightened risk from cyber attacks linked to the Iran conflict.

FAQs

Disclaimer:

The content shared by Meyka AI PTY LTD is solely for research and informational purposes.  Meyka is not a financial advisory service, and the information provided should not be considered investment or trading advice.