Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts and AI-generated answers of other users.
Sandeep Hodkasia, the founder of the security testing company AppSecure, told TechCrunch exclusively that Meta paid him $10,000 in a bug bounty reward for privately disclosing the bug, which he filed on December 26, 2024.
Meta developed a fix on January 24, 2025, said Hodkasia, and found no indication that the bug was exploited maliciously.
Hodkasia told TechCrunch that he identified the bug after examining how Meta AI allows its registered users to edit their AI prompts to regenerate text and images. He discovered that when a user edits their prompt, Meta's back-end servers assign the prompt and its AI-generated reply a unique number. By analyzing the network traffic in his browser while editing an AI prompt, Hodkasia found that he could change this unique number and Meta's servers would return a prompt and AI-generated response belonging to someone else.
The bug meant that Meta's servers were not properly checking that the user requesting the prompt and its answer was authorized to see it. Hodkasia said the prompt numbers generated by Meta's servers were "easily guessable," possibly allowing a malicious actor to scrape users' original prompts by rapidly changing the numbers using automated tools.
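The missing check described above, as an added example (not Meta's code and not part of the original article): a lookup that trusts the client-supplied number, beside one that verifies ownership and counts refusals. The store layout, function names, threshold and sample records are assumptions made for illustration.

```python
import secrets
from collections import Counter

# Constructed sample store: prompt id -> record. All values are invented.
PROMPTS = {
    1001: {"owner": "alice", "prompt": "draft a cover letter", "reply": "(reply text)"},
    1002: {"owner": "bob", "prompt": "logo for my bakery", "reply": "(reply text)"},
}
DENIED = Counter()  # refused lookups per authenticated user

class NotFound(Exception):
    """Raised for ids that are missing or not owned by the caller."""

def get_prompt_unchecked(session_user, prompt_id):
    # Flawed pattern: the id from the request is the only thing consulted,
    # so any logged-in user can read any record.
    record = PROMPTS.get(prompt_id)
    if record is None:
        raise NotFound(prompt_id)
    return record

def get_prompt_checked(session_user, prompt_id):
    # Corrected pattern: the record must belong to the authenticated session.
    # Missing and foreign ids raise the same error, so the response does not
    # reveal which ids exist.
    record = PROMPTS.get(prompt_id)
    if record is None or record["owner"] != session_user:
        DENIED[session_user] += 1
        raise NotFound(prompt_id)
    return record

def suspected_enumeration(session_user, threshold=5):
    # Many refusals from one account suggest someone is walking the id space.
    return DENIED[session_user] >= threshold

def create_prompt(session_user, prompt, reply):
    # Defense in depth: a random 128-bit id cannot be guessed by counting.
    # It complements the ownership check and does not replace it.
    prompt_id = secrets.token_urlsafe(16)
    PROMPTS[prompt_id] = {"owner": session_user, "prompt": prompt, "reply": reply}
    return prompt_id
```
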
When reached by TechCrunch, Meta confirmed that it fixed the bug in January and that the company “did not find abuse and rewarded the researcher,” Meta spokesman Ryan Daniels told TechCrunch.
News of the bug comes at a time when tech giants are trying to launch and improve their AI products, despite the many security and privacy risks associated with their use.
The standalone Meta AI app, which debuted earlier this year to compete with rival apps such as ChatGPT, got off to a rocky start after some users publicly shared what they considered to be private conversations with the chatbot.
