Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
A vulnerability discovered last year by a cybersecurity expert found that Meta AI has been letting chatbot users access the private prompts and AI-generated responses of other users through a flaw.
As reported by Cybernews, Meta has since fixed the bug, however, for an undetermined amount of time users had unauthorized access to prompts and answers of any other user as a result of the leak.
The vulnerability, which according to TechCrunch, was first disclosed to Meta on December 26, 2024 by cybersecurity expert and founder of AppSecure Sandeep Hodkasia, was corrected with a fix by Meta on January 24, 2025. Hodkasia was researching the way Meta AI lets logged in users modify their own prompts to regenerate texts and images; when a user edits their AI prompt, Meta’s servers assign a unique number to it and the AI-generated response.
Hodkasia analyzed his browser’s network traffic while editing an AI prompt, and found he could modify this number to cause the servers to return a prompt and response from another user. This means the servers were not checking that the user requesting the prompt and its response were authorized to view it.
As more and more companies begin using chatbots, they should be regularly ensuring that these chats remain private and confidential by checking them for potential security flaws – particularly if the chat history could contain sensitive information.
More from Tom's Guide
- This Android malware poses as real apps to take you to dangerous sites and flood your phone with spam
- 5.4 million hit in major healthcare data breach — names, emails, SSNs and more exposed
- Google Gemini flaw exploited to turn AI-powered email summaries into the perfect phishing tool — everything you need to know
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
