Meta fixes bug that could leak users' AI prompts and generated content | TechCrunch
Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts and AI-generated responses of other users.

Sandeep Hodkasia, the founder of security testing firm AppSecure, exclusively told TechCrunch that Meta paid him $10,000 in a bug bounty reward for privately disclosing the bug he filed on December 26, 2024.

Meta deployed a fix on January 24, 2025, said Hodkasia, and found no evidence that the bug was maliciously exploited.

Hodkasia told TechCrunch that he identified the bug after examining how Meta AI allows its logged-in users to edit their AI prompts to regenerate text and images. He discovered that when a user edits their prompt, Meta's backend servers assign the prompt and its AI-generated response a unique number. By analyzing the network traffic in his browser while editing an AI prompt, Hodkasia found he could change that unique number and Meta's servers would return a prompt and AI-generated response of someone else entirely.

The bug meant that Meta's servers were not properly checking to ensure that the user requesting the prompt and its response was authorized to see it. Hodkasia said the prompt numbers generated by Meta's servers were easily guessable, potentially allowing a malicious actor to scrape users' original prompts by rapidly changing prompt numbers using automated tools.

When reached by TechCrunch, Meta confirmed it fixed the bug in January and that the company found no evidence of abuse and rewarded the researcher, Meta spokesperson Ryan Daniels told TechCrunch.

News of the bug comes at a time when tech giants are scrambling to launch and refine their AI products, despite many security and privacy risks associated with their use.

Meta AI's standalone app, which debuted earlier this year to compete with rival apps like ChatGPT, launched to a rocky start after some users inadvertently publicly shared what they thought were private conversations with the chatbot.
Security Editor
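
The flaw the article describes, a server that returns a prompt for whatever number it is given without checking who is asking, is a missing object-level authorization check. The Python below is an added example, not Meta's code: the store, its method names, the user names and the sample data are hypothetical and constructed. It puts the unchecked lookup beside an owner-checked one, and adds random IDs and a counter that flags accounts refused on many distinct IDs.

```python
import secrets
from dataclasses import dataclass

@dataclass
class PromptRecord:
    owner: str      # account that created the prompt
    prompt: str
    response: str

class PromptStore:
    """In-memory stand-in for a backend; every name here is hypothetical."""
    def __init__(self, opaque_ids):
        self.records = {}
        self.opaque_ids = opaque_ids
        self.next_id = 1000
        self.denied = {}            # user -> set of IDs they were refused

    def save(self, owner, prompt, response):
        if self.opaque_ids:
            rid = secrets.token_urlsafe(16)   # 128 random bits, not guessable
        else:
            rid = str(self.next_id)           # sequential, easily guessable
            self.next_id += 1
        self.records[rid] = PromptRecord(owner, prompt, response)
        return rid

    def fetch_unchecked(self, session_user, rid):
        # Flawed pattern: any logged-in user gets whatever the ID points at.
        return self.records.get(rid)

    def fetch_checked(self, session_user, rid):
        # Fixed pattern: only the owner gets the record. Unknown and foreign
        # IDs get the same answer, so a reply never confirms an ID exists.
        rec = self.records.get(rid)
        if rec is None or rec.owner != session_user:
            self.denied.setdefault(session_user, set()).add(rid)
            return None
        return rec

    def enumeration_suspects(self, threshold=3):
        # Detection: accounts refused on many distinct IDs look like scraping.
        return sorted(u for u, ids in self.denied.items() if len(ids) >= threshold)

def demo():
    store = PromptStore(opaque_ids=False)
    rid = store.save("alice", "constructed prompt", "constructed response")
    leaked = store.fetch_unchecked("mallory", rid)   # another user's record
    blocked = store.fetch_checked("mallory", rid)    # None after the fix
    return leaked is not None, blocked is None
```

Random IDs only make guessing impractical; the ownership check in `fetch_checked` is what actually closes the hole, since an ID can still leak through logs, links or shared screens.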
© 2025 TechCrunch Media LLC