Article
Social Media Cybersecurity

Nine years, 2.4 million followers, zero security: how Iran turned a dead Instagram account into a propaganda weapon

by Ian Lyall
The image features a blurred figure of a toy character standing in front of a smartphone screen displaying various social media app icons. The focus is on the silhouette of the character, emphasizing the contrast between the real-world object and the digital interface. — Credit: Photo by Florian Schmetz / Unsplash cPhoto by Florian Schmetz / Unsplash
Photo by Florian Schmetz / Unsplash

There is a certain comedic precision to the timing. In December 2025, Meta published a blog post boasting that its AI-powered security tools had reduced new account hacks by 30%. Six months later, Iranian-linked hackers seized control of the official Obama White House Instagram account and filled it with images of assassinated Quds Force commander Qasem Soleimani and the caption "The White House is under Shiites' control."

The account had been dormant since January 2017. Nine years. Nobody at Meta thought to lock it down, flag it for enhanced monitoring, or ask whether a verified government account with 2.4 million followers sitting untouched for nearly a decade might represent a security risk.

The hackers did not limit themselves to one target. The Instagram account of US Space Force Chief Master Sergeant John Bentivegna was also compromised, with posts featuring images of Iranian official Ali Larijani, who was killed in an Israeli airstrike in March. The Obama account also received a post featuring audio from "Hanoi Hannah," the Vietnamese radio broadcaster who urged American soldiers to defect during the Vietnam War, repurposed with Arabic text warning US troops to stay away from the Middle East.

The context is not funny at all

The Handala Hack Team, which the US Department of Justice has identified as a front for Iran's Ministry of Intelligence and Security, has claimed a series of attacks on American targets since the US-Israeli conflict with Iran began in late February.

The group has published what it says are personal details of more than 2,300 US Marines stationed in the Persian Gulf. It has claimed to have breached FBI Director Kash Patel's personal Gmail account. It launched a wiping attack on medical technology firm Stryker that crippled emergency ECG networks in Maryland.

Posting Soleimani's face on the Obama White House Instagram is propaganda theatre. The other operations are something else entirely.

The Meta problem

A Meta spokesperson confirmed both accounts were "quickly secured" and the unauthorised content removed. No explanation was offered for how the accounts were accessed or why a dormant government account lacked protections that would have prevented the breach.

This is the company that wants to charge consumers $20 a month for an AI chatbot. It cannot secure a verified account that has been sitting idle since the last year of the Obama presidency.

The 30% reduction in hacks that Meta celebrated in December is a meaningless statistic when the accounts being breached belong to former presidents and senior military officials. The question is not how many random accounts are being protected. It is whether the highest-profile targets on the platform have security proportionate to their value as propaganda tools.

The answer, as of this weekend, is that they do not.

The uncomfortable truth

Social media accounts are now front-line infrastructure in information warfare. Governments understand this. Hostile actors understand this. The platforms themselves appear not to, or at least not enough to dedicate resources to protecting dormant high-value accounts that are sitting there like unlocked cars with the keys in the ignition.

Meta will fix this specific problem. It will not fix the underlying one, which is that the company treats security as a public relations metric rather than an operational priority.

The hackers will be back. They always are. And there are a lot of dormant accounts out there.

by Ian Lyall