💨 Abstract

Hackers exploited a vulnerability in Meta's AI chatbot to hijack and sell high-value Instagram accounts, including those of Barack Obama and a U.S. Space Force official. The exploit, known as a "confused deputy," tricked the AI into changing account passwords and email addresses. Meta has since patched the issue, but users with short usernames were primarily targeted. The hack involved using a VPN and Meta's AI-powered account recovery tool to bypass two-factor authentication.

Courtesy: Josh Milton