Meta’s AI chatbot recently faced a significant privacy issue, where a bug allowed users to view other people’s private prompts and AI-generated responses. Although the bug has been fixed, it remained active for several weeks, raising serious concerns about data security with AI tools. Security researcher Sandeep Hodkasia discovered the flaw on December 26, 2024, earning a $10,000 bug bounty from Meta, which deployed a fix on January 24, 2025.
The vulnerability stemmed from how Meta AI managed prompt editing. When users altered prompts, unique identifiers were generated, which were easily guessable, making it possible for potential attackers to access others’ prompts by changing these numbers. This incident highlights ongoing privacy challenges facing Meta AI, which had previously seen users inadvertently sharing private chats publically upon the app’s launch. For users of AI tools, this emphasizes the necessity for robust data protection practices.
Source link