Meta

A researcher discovered a bug in the Meta AI chatbot that allowed unauthorized access to private user conversations. The bug was reported to Meta, which awarded the researcher a $10,000 bounty. The bug allowed anyone to view private prompts and responses by changing unique identification numbers, potentially exposing a host of users' conversations. Meta confirmed the fix and stated no evidence of abuse was found.

Source: https://www.malwarebytes.com/blog/news/2025/07/meta-ai-chatbot-bug-could-have-allowed-anyone-to-see-private-conversations

TPRM report: https://scoringcyber.rankiteo.com/company/meta

{
  "id": "met608071825",
  "linkid": "meta",
  "type": "Vulnerability",
  "date": "7/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'industry': 'Social Media',
                        'name': 'Meta',
                        'type': 'Organization'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'type_of_data_compromised': ['Private prompts and responses']},
 'date_detected': '2024-12-26',
 'date_resolved': '2025-01-24',
 'description': 'A researcher disclosed a bug in the Meta AI chatbot that '
                'allowed anyone to access private prompts and responses. The '
                'bug was reported and fixed, with Meta paying a $10,000 bounty '
                'to the researcher.',
 'impact': {'data_compromised': ['Private prompts and responses'],
            'systems_affected': ['Meta AI Chatbot']},
 'investigation_status': 'Resolved',
 'lessons_learned': 'Understand privacy settings and avoid sharing PII with AI '
                    'tools.',
 'motivation': 'Bug Bounty',
 'post_incident_analysis': {'corrective_actions': ['Fixing the bug to prevent '
                                                   'unauthorized access.'],
                            'root_causes': 'Lack of authorization checks on '
                                           "Meta's servers."},
 'recommendations': ['Do not log in to social media platforms while using AI '
                     'tools.',
                     "Use 'Incognito Mode' when available.",
                     'Do not share private information with AI.',
                     'Familiarize yourself with privacy policies.',
                     'Never share PII.'],
 'references': [{'source': 'TechCrunch'}],
 'response': {'remediation_measures': ['Bug Fix']},
 'threat_actor': 'Sandeep Hodkasia (Researcher)',
 'title': 'Meta AI Chatbot Bug Allowed Unauthorized Access to Private '
          'Conversations',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unique Identification Number Guessing'}