A recently detailed security incident involving beauty retailer Sephora's Instagram account has highlighted a critical flaw in Meta's AI-driven account recovery system, according to a report by Inside Retail Asia . Hackers exploited the system's automated verification process to seize control of the high-profile account, demonstrating how AI can be manipulated if not properly safeguarded.
The attack underscores a growing vulnerability in social media platforms that rely on AI for security measures. In the Sephora case, the hackers bypassed standard two-factor authentication by tricking Meta's AI into approving a recovery request. This allowed them to reset the account password and lock out the legitimate owner, potentially exposing customer data and brand communications.
Industry experts warn that such AI weaknesses are not isolated to Meta, but the incident serves as a wake-up call for companies to review their digital security protocols. For retailers like Sephora, a compromised social media presence can damage brand trust and lead to financial losses. Meta has stated it is investigating the flaw and plans to update its account recovery algorithms.