Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Meta paid a $10,000 bounty for a major AI privacy flaw

The vulnerability was discovered by researcher Sandeep Hodkasia, who received a $10,000 bug bounty reward from Meta for his private disclosure.

byEmre Çıtak
July 16, 2025
in Artificial Intelligence, News
Home News Artificial Intelligence
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

Meta addressed a security flaw within its Meta AI chatbot, which permitted users to view the private prompts and AI-generated responses of other individuals. Sandeep Hodkasia, founder of AppSecure, disclosed this vulnerability to TechCrunch, confirming Meta paid him a $10,000 bug bounty reward for his private disclosure filed on December 26, 2024.

Hodkasia stated Meta deployed a fix on January 24, 2025, adding that no evidence of malicious exploitation of the bug was found. He explained to TechCrunch that he identified the vulnerability by examining Meta AI’s mechanism for allowing logged-in users to edit their AI prompts to regenerate text and images.

Hodkasia discovered that upon a user editing their prompt, Meta’s backend servers assigned a unique identification number to the prompt and its corresponding AI-generated response. By analyzing network traffic in his browser while editing an AI prompt, Hodkasia determined he could alter this unique number, resulting in Meta’s servers returning a prompt and AI-generated response belonging to a different user.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The bug indicated that Meta’s servers were not adequately verifying user authorization to view specific prompts and responses. Hodkasia noted the prompt numbers generated by Meta’s servers were “easily guessable,” which could have enabled an unauthorized actor to systematically retrieve other users’ original prompts by rapidly altering prompt numbers using automated tools. Meta confirmed to TechCrunch that the bug was fixed in January.

Meta spokesperson Ryan Daniels stated, “found no evidence of abuse and rewarded the researcher.” This bug disclosure occurs as technology companies accelerate the launch and refinement of AI products, despite inherent security and privacy concerns. Meta AI’s standalone application, introduced earlier this year to compete with rival applications, faced initial issues, including instances where users inadvertently shared what they believed were private conversations with the chatbot publicly.


Featured image credit

Tags: AIFeaturedMeta

Related Posts

Tesla brings long-wheelbase Model Y to the US

Tesla brings long-wheelbase Model Y to the US

July 3, 2026
Opera adds protection against copy-paste ClickFix attacks

Opera adds protection against copy-paste ClickFix attacks

July 3, 2026
Cloudflare will block AI crawlers unless sites opt in

Cloudflare will block AI crawlers unless sites opt in

July 3, 2026
Meta releases Pocket app for generative AI games

Meta releases Pocket app for generative AI games

July 3, 2026
Android Halo will place AI agent updates in status bar

Android Halo will place AI agent updates in status bar

July 2, 2026
WhatsApp usernames spark impersonation and fraud concerns

WhatsApp usernames spark impersonation and fraud concerns

July 2, 2026

LATEST NEWS

Tesla brings long-wheelbase Model Y to the US

Opera adds protection against copy-paste ClickFix attacks

Cloudflare will block AI crawlers unless sites opt in

Meta releases Pocket app for generative AI games

Android Halo will place AI agent updates in status bar

WhatsApp usernames spark impersonation and fraud concerns

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Instantchapters

Intellectia

ZipWP

Copyleaks – Plagiarism detector

Clipping Magic

KoalaChat

SpeechText

Booknotes

Unscrambler

LingoLooper

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.