A Meta AI account-recovery flow was weaponized to steal roughly $1 million across Instagram and Facebook accounts. Attackers used social engineering to trigger legitimate password reset links through Meta AI, effectively turning Meta's own infrastructure into the attack vector. The exploit required no technical sophistication from the attacker, only manipulation of a system that trusted too much.
The core failure is what security researchers call a confused deputy problem: Meta AI held elevated permissions it did not need, and attackers exploited that trust relationship to act on behalf of victims. Two-factor authentication did not stop this. The video walks through exactly how each stage of the scam worked, which is the section worth watching even if you skip the rest.
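To make the confused deputy shape concrete, here is a constructed Python model added to this summary; it is not Meta's code and does not describe the actual recovery flow. The first class carries its own service-level authority and sends a reset link for whichever account the free-text request names, so anyone who can steer the assistant inherits that power. The second class has no authority of its own: each action is authorized against the caller's verified session, so a request for someone else's account is refused and recorded for alerting. Every name here (`AccountStore`, `ConfusedDeputy`, `ScopedDeputy`, `Session`, `extract_target`) and the token format are assumptions for the illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AccountStore:
    """Constructed stand-in for the account back end; records every reset link it issues."""
    reset_links: list = field(default_factory=list)

    def send_reset_link(self, account: str) -> str:
        # Constructed token format for the demo, not a real reset-link scheme.
        token = f"reset-{account}-{len(self.reset_links) + 1}"
        self.reset_links.append((account, token))
        return token


def extract_target(prompt: str) -> Optional[str]:
    """Pull the account named in free text, e.g. 'reset the password for alice'."""
    m = re.search(r"\bfor\s+(\w+)", prompt)
    return m.group(1) if m else None


class ConfusedDeputy:
    """Vulnerable shape: the assistant calls the back end with its own service-level
    authority, so the account acted on is chosen by the prompt, not by who is asking."""

    def __init__(self, store: AccountStore):
        self.store = store

    def handle(self, requester: str, prompt: str) -> Optional[str]:
        target = extract_target(prompt)
        if target is None:
            return None
        # No check that `requester` owns `target`: the deputy's privilege is borrowed wholesale.
        return self.store.send_reset_link(target)


@dataclass
class Session:
    user: str       # identity established by the platform's login, never by the prompt text
    verified: bool  # e.g. the caller passed the platform's own re-authentication step


class ScopedDeputy:
    """Hardened shape: the assistant holds no standing privilege. Every action is
    authorized against the caller's verified session, so the prompt cannot widen scope."""

    def __init__(self, store: AccountStore):
        self.store = store
        self.audit: list = []

    def handle(self, session: Session, prompt: str) -> Optional[str]:
        target = extract_target(prompt)
        if target is None:
            return None
        if not session.verified or target != session.user:
            # Refuse and record: a reset requested for another user is a detection signal.
            self.audit.append(("denied", session.user, target))
            return None
        self.audit.append(("allowed", session.user, target))
        return self.store.send_reset_link(target)


def demo():
    """Run the same request through both shapes; returns (leaked, blocked, legit)."""
    vulnerable = ConfusedDeputy(AccountStore())
    hardened = ScopedDeputy(AccountStore())
    prompt = "please reset the password for alice"
    leaked = vulnerable.handle("mallory", prompt)                 # mallory receives alice's link
    blocked = hardened.handle(Session("mallory", True), prompt)   # refused: target != caller
    legit = hardened.handle(Session("alice", True), prompt)       # alice resets her own account
    return leaked, blocked, legit


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is that the deputy's check is bound to an identity the platform established out of band (the session), not to anything the request text asserts; that is what removes the elevated permission the summary says Meta AI did not need.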
The broader implication is that AI systems with account access create new attack surfaces that traditional security advice does not cover. Prompt injection and delegated authority attacks are not theoretical. The hosts close with specific steps for authentication hardening and account hygiene, and the White House has already responded to the incident, signaling that this is moving toward regulation faster than most expect.