Meta AI chatbot bug could have allowed anyone to see private conversations – Malwarebytes


A researcher has disclosed to TechCrunch that he received a $10,000 bounty for reporting a bug that let anyone access private prompts and responses with the Meta AI chatbot.
On June 13, we reported that the Meta AI app publicly exposes user conversations, often without users realizing it. In these cases, the app made “shared” conversations accessible through its Discover feed, so others could easily find them. Meta insisted this wasn’t a bug, even though many people didn’t understand that their conversations were visible to others.
However, Sandeep Hodkasia, the researcher who found the awarded bug, was able to find conversations that weren’t even shared, but “private.” To understand what he did, you need to know that Meta AI allows users to edit their questions (prompts) to regenerate text and images.
Some of Sandeep’s testing revealed that the chatbot assigned unique numbers to queries that were the results of edited prompts. And by analyzing the network traffic generated by editing a prompt, Sandeep figured out how he could change the unique identification number.
Sending different numbers, which were easy to guess according to Sandeep, allowed him to view a prompt and AI-generated response of someone else entirely. And because the numbers were easy to guess, an attacker could have scraped a host of other users’ conversations with Meta AI.
Meta’s servers failed to check whether the person requesting the information had the authorization to access it.
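The missing check described above, shown beside a hardened form, as an added example that is not Meta's code or part of the original article. The in-memory store, function names and record layout are all hypothetical.

```python
import secrets

# Constructed in-memory store; record layout and names are hypothetical.
RESPONSES = {}


class Forbidden(Exception):
    """Raised when the caller does not own the requested record."""


def save_response(owner_id, prompt, answer):
    # Random 128-bit identifier instead of a sequential counter, so IDs are
    # not enumerable. This is defence in depth, not the access control itself.
    response_id = secrets.token_urlsafe(16)
    RESPONSES[response_id] = {"owner": owner_id, "prompt": prompt, "answer": answer}
    return response_id


def get_response_unchecked(session_user, response_id):
    # The flaw class described above: the record is looked up by the
    # client-supplied ID and returned without consulting session_user.
    return RESPONSES[response_id]


def get_response(session_user, response_id):
    # Hardened form: the owner stored with the record must match the
    # authenticated session user, whatever ID the client sent.
    record = RESPONSES.get(response_id)
    if record is None or record["owner"] != session_user:
        # Same error for "missing" and "not yours" so the reply does not
        # confirm which IDs exist.
        raise Forbidden("not found")
    return record
```

The ownership comparison is the actual fix; unpredictable identifiers only reduce exposure if such a check is ever missed again.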
According to Sandeep, he filed the bug on December 26, 2024, and Meta fixed it on January 24, 2025. Meta confirmed this date and stated that it found no evidence of abuse.
While we continue to argue that the developments in AI are going too fast for security and privacy to be baked into the tech, there are some things to keep in mind to make sure your private information remains safe:
ABOUT THE AUTHOR
Pieter Arntz
Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

source

Jesse
https://playwithchatgtp.com