Meta Fixes AI Privacy Bug That Exposed User Chats, Awards ₹8.5 Lakh to Ethical Hacker
According to a report by TechCrunch, Hodkasia—founder of the cybersecurity firm AppSecure—reported the issue to Meta on December 26, 2024. The flaw, linked to the prompt editing feature in Meta's AI assistant, had the potential to allow unauthorized access to personal prompts and responses from other users.
Meta users interacting with the AI platform can edit or regenerate prompts. These prompts, along with AI-generated replies, are each assigned a unique identification number (ID) by Meta's backend system. Hodkasia found that these IDs, which were visible through browser developer tools, followed a predictable pattern and were vulnerable to manipulation.
'I was able to view prompts and responses of other users by manually changing the ID in the browser's network activity panel,' Hodkasia explained. The major issue, he pointed out, was that Meta's system didn't verify whether the requester of a particular prompt actually owned it. That meant someone with modest technical knowledge could write a script to cycle through IDs, collecting sensitive user data at scale.
The ease with which this vulnerability could be exploited made it particularly dangerous. Since the system lacked user-specific access checks, it effectively opened a backdoor to private AI conversations. Thankfully, Hodkasia chose to report the issue rather than exploit it.
Meta confirmed it patched the flaw on January 24, 2025, following an internal review. The company also stated that there was no evidence suggesting the vulnerability had been exploited before Hodkasia's report.
While the fix has been deployed, the incident has renewed concerns about data privacy in AI platforms. As tech giants race to roll out AI-powered products to stay ahead of the competition, lapses like this highlight the growing importance of robust security protocols.
Meta launched its AI assistant and a standalone app earlier this year to compete with platforms like ChatGPT. However, its rollout has not been without issues. In recent months, some users reported that their supposedly private conversations were visible in the platform's public Discovery feed.
Although Meta maintains that chats are private by default and only become public when explicitly shared, users argue that the app's interface and settings are confusing. Many claimed they were unaware that their personal inputs, including photos or prompts, might become publicly accessible.
As AI tools become more integrated into daily life, incidents like this serve as a stark reminder of the need for transparency, user control, and stringent privacy protections. Meta's swift response and bug bounty program underscore the critical role of ethical hackers in maintaining digital safety.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Indian Express
an hour ago
- Indian Express
OpenAI lists Google as cloud partner amid growing demand for computing capacity
OpenAI has included Alphabet's Google Cloud among its suppliers to meet escalating demands for computing capacity, according to an updated list published on the ChatGPT maker's website. The artificial-intelligence giant also relies on services from Microsoft, Oracle, and CoreWeave. The deal with Google, finalized in May after months of discussions, was first reported by Reuters citing a source in June. The arrangement underscores how massive computing demands to train and deploy AI models are reshaping the competitive dynamics in AI, and marks OpenAI's latest move to diversify its compute sources beyond its major supporter Microsoft, including its high-profile Stargate data center project. Earlier this year, OpenAI partnered with SoftBank and Oracle on the $500 billion Stargate infrastructure program and signed multi-billion-dollar agreements with CoreWeave to bolster computing capacity. The partnership with Google is the latest of several maneuvers made by OpenAI to reduce its dependency on Microsoft whose Azure cloud service had served as the ChatGPT maker's exclusive data center infrastructure provider until January. Google and OpenAI discussed an arrangement for months but were previously blocked from signing a deal due to OpenAI's lock-in with Microsoft, a source had told Reuters.
Economic Times
an hour ago
- Economic Times
US AI startups see funding surge while more VC funds struggle to raise, data shows
IANS US startup funding surged 75.6% in the first half of 2025, thanks to the continued AI boom, putting it on track for its second-best year ever, even as venture capital firms struggled to raise money, a report from PitchBook on Tuesday showed. Startup funding in the first six months of 2025 jumped to $162.8 billion, marking the strongest performance since the same period in 2021 - the historic peak for venture capital activity. That previous surge came during the era of the Zero Interest Rate Policy (ZIRP), when central banks slashed rates to stimulate economic activity during the COVID-19 pandemic, sending capital into higher-risk assets including venture capital. This year's boom has been driven largely by major AI investments and bold bets from big tech companies, a wave of activity set off by the debut of ChatGPT in late 2022. In the past three months alone, $69.9 billion was invested in U.S. startups. Standout deals included OpenAI's $40 billion round and Meta's $14.3 billion purchase of a stake in Scale AI. Other AI deals exceeding $1 billion in the second quarter included significant investments in Safe Superintelligence, Thinking Machine Labs, Anduril, and Grammarly. These deals underscore sustained investor conviction in the AI sector, which accounted for 64.1% of the total deal value and 35.6% of the deal count in the first half of the year. "I think it's downstream of the fact that OpenAI and Anthropic continue to grow at unbelievable rates," said Davis Treybig, partner at VC firm Innovation Endeavors. "If there's even a chance you could see that sort of progress in other domains, whether it's robotics, protein folding models, world models or video models, then there's a lot of people who are going to want to invest a lot of money." Harder for VC funds In contrast, U.S. venture capital fundraising continued to face headwinds, with just $26.6 billion raised across 238 funds in the first half of the year. This subdued environment represents a 33.7% year-over-year decline in capital raised, extending the downward trend from 2024. It is also taking fund managers longer to close new vehicles, with the median time stretching to 15.3 months by the second quarter of 2025 - the longest in over a decade, data shows. The disconnection from the startup market reflects concerns from limited partners on the asset class due to recent underperformance and liquidity constraints. A rebound in exit activity, including IPOs and M&A, has brought a sense of optimism for the remainder of the year. Exit activity in the second quarter was up 40% from last year, as a loosening antitrust environment and a thawing IPO market boost confidence. Sectors aligned with President Donald Trump's priorities such as AI, national security, defense technology, fintech and crypto dominated IPO interest in the second quarter, the report noted. "The good news is we're starting to see the tide turn," said Lucas Swisher, co-head of growth investing at tech investment firm Coatue. "IPOs like Coatue portfolio companies Hinge Health and Coreweave have been well received by the market, and there are a dozen companies filed now." Elevate your knowledge and leadership skills at a cost cheaper than your daily tea. As deposit ground slips under PSU banks' feet, they chase the wealthy If data is the new oil, are data centres the smokestacks of the digital age? Can Grasim's anti-competition charge against Asian Paints stand amid intense war Can Indian IT's 'pyramid' survive the GenAI shake-up? Stock Radar: Igarashi Motors showing signs of momentum after 30% drop from highs; time to buy? These mid-cap stocks with 'Strong Buy' & 'Buy' recos can rally over 25%, according to analysts Multibagger or IBC - Part 15: Strong margins & no loans. Is this the auto sector's dark horse? Get ready for volatility with the big, better & experienced. 7 large-caps from different sectors with an upside potential of up to 39%
Time of India
an hour ago
- Time of India
US AI startups see funding surge while more VC funds struggle to raise, data shows
Academy Empower your mind, elevate your skills US startup funding surged 75.6% in the first half of 2025, thanks to the continued AI boom, putting it on track for its second-best year ever, even as venture capital firms struggled to raise money, a report from PitchBook on Tuesday funding in the first six months of 2025 jumped to $162.8 billion, marking the strongest performance since the same period in 2021 - the historic peak for venture capital previous surge came during the era of the Zero Interest Rate Policy (ZIRP), when central banks slashed rates to stimulate economic activity during the COVID-19 pandemic, sending capital into higher-risk assets including venture year's boom has been driven largely by major AI investments and bold bets from big tech companies, a wave of activity set off by the debut of ChatGPT in late 2022. In the past three months alone, $69.9 billion was invested in U.S. deals included OpenAI's $40 billion round and Meta's $14.3 billion purchase of a stake in Scale AI deals exceeding $1 billion in the second quarter included significant investments in Safe Superintelligence, Thinking Machine Labs, Anduril, and deals underscore sustained investor conviction in the AI sector, which accounted for 64.1% of the total deal value and 35.6% of the deal count in the first half of the year."I think it's downstream of the fact that OpenAI and Anthropic continue to grow at unbelievable rates," said Davis Treybig, partner at VC firm Innovation Endeavors. "If there's even a chance you could see that sort of progress in other domains, whether it's robotics, protein folding models, world models or video models, then there's a lot of people who are going to want to invest a lot of money."In contrast, U.S. venture capital fundraising continued to face headwinds, with just $26.6 billion raised across 238 funds in the first half of the year. This subdued environment represents a 33.7% year-over-year decline in capital raised, extending the downward trend from is also taking fund managers longer to close new vehicles, with the median time stretching to 15.3 months by the second quarter of 2025 - the longest in over a decade, data disconnection from the startup market reflects concerns from limited partners on the asset class due to recent underperformance and liquidity constraints.A rebound in exit activity, including IPOs and M&A, has brought a sense of optimism for the remainder of the year. Exit activity in the second quarter was up 40% from last year, as a loosening antitrust environment and a thawing IPO market boost aligned with President Donald Trump's priorities such as AI, national security, defense technology, fintech and crypto dominated IPO interest in the second quarter, the report noted."The good news is we're starting to see the tide turn," said Lucas Swisher, co-head of growth investing at tech investment firm Coatue. "IPOs like Coatue portfolio companies Hinge Health and Coreweave have been well received by the market, and there are a dozen companies filed now."
