Meta paid security researcher Sandeep Hodkasia $10,000 after he identified a critical flaw in the company's artificial intelligence platform. The vulnerability allowed unauthorized access to private user conversations and system-generated responses across different accounts. Hodkasia, the founder of AppSecure, discovered the weakness in December while testing Meta AI's prompt modification capabilities, and reported his findings through Meta's established bug bounty program. Meta confirmed that the flaw has been resolved and that it found no evidence of malicious exploitation.
The flaw stemmed from inadequate verification on Meta's servers when users requested access to conversation data. Each user interaction was assigned a unique identifier, which an attacker could manipulate to view content they were not authorized to see. Because the identifiers followed predictable patterns, the weakness gave malicious actors a systematic way to reach sensitive user information. The discovery adds to ongoing concerns about Meta's artificial intelligence security practices. The standalone application previously faced criticism for inadvertently sharing private conversations through ambiguous privacy configurations.
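The class of flaw described above, where an identifier alone selects the record and the server never checks who is asking, is shown here next to its hardened form. This is an added illustration, not Meta's code: the `ConversationStore` class, its method names and the sample records are hypothetical and constructed for the example.

```python
import secrets


class AccessDenied(Exception):
    """Raised when the caller may not read the requested conversation."""


class ConversationStore:
    """Hypothetical in-memory store standing in for a conversation backend."""

    def __init__(self):
        self._rows = {}        # conversation id -> record
        self._next_id = 1000   # constructed start value for the weak scheme

    def _save(self, cid, owner, prompt, response):
        self._rows[cid] = {"owner": owner, "prompt": prompt, "response": response}
        return cid

    def create_sequential(self, owner, prompt, response):
        # Weak: the next identifier is predictable from any identifier a user holds.
        cid = str(self._next_id)
        self._next_id += 1
        return self._save(cid, owner, prompt, response)

    def create_random(self, owner, prompt, response):
        # 128 bits from the OS CSPRNG. Defence in depth only: it makes
        # identifiers unguessable but does not replace the ownership check.
        return self._save(secrets.token_urlsafe(16), owner, prompt, response)

    def fetch_unchecked(self, session_user, cid):
        # Flawed pattern: session_user is ignored, so any authenticated
        # caller who supplies a valid identifier receives the record.
        return self._rows[cid]

    def fetch_checked(self, session_user, cid):
        # Hardened: release the record only to its owner. "Missing" and
        # "not yours" raise the same error, so replies do not reveal
        # which identifiers exist.
        row = self._rows.get(cid)
        if row is None or row["owner"] != session_user:
            raise AccessDenied(cid)
        return row


if __name__ == "__main__":
    store = ConversationStore()
    store.create_sequential("alice", "constructed prompt A", "constructed reply A")
    bob_id = store.create_sequential("bob", "constructed prompt B", "constructed reply B")
    print("unchecked, alice reads:", store.fetch_unchecked("alice", bob_id)["owner"])
    try:
        store.fetch_checked("alice", bob_id)
    except AccessDenied:
        print("checked, alice is refused")
```
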