Meta AI Bug That Could Expose Private Conversations Was Fixed After Researcher’s Shocking Discovery

Meta may have narrowly avoided a major privacy disaster. According to a recent report, a vulnerability in its AI chatbot platform could have allowed outsiders to access private conversations of other users. The flaw was discovered by Sandeep Hodkasia, the founder of security testing firm AppSecure, who responsibly disclosed the issue to Meta in December last year.

What makes this incident more alarming is how simple the exploit actually was. It did not require hacking into Meta’s servers or bypassing complex encryption. Instead, it relied on analyzing browser network traffic while editing AI prompts. Hodkasia discovered that the chatbot assigned a unique identification number to every user prompt and its corresponding AI response. By manually altering that ID, it was possible to view someone else's AI-generated conversation.

These IDs, according to the researcher, were easily guessable. Once he understood the pattern, it did not take much effort to find another valid prompt ID and gain access to a different user's AI interaction. This meant that with basic observation and minimal technical skills, someone could potentially access private requests and responses submitted by other users, including sensitive or confidential prompts.

Meta quickly took action after the vulnerability was reported. The company implemented a fix in January and confirmed there was no evidence of the flaw being exploited by any malicious actors. The bug bounty program rewarded Hodkasia with ten thousand dollars for his discovery, recognizing the seriousness of the issue and the value of the disclosure.

This revelation comes at a time when Meta is actively expanding the capabilities of its AI systems. The company recently launched new features in its chatbots, including the ability to proactively send follow-up messages. Meta AI is also integrated into platforms like Facebook and WhatsApp, making it essential for the underlying systems to be airtight in terms of user privacy and data security.

In recent months, Meta’s AI feed had already raised eyebrows after private-looking prompts began appearing in the discovery section of its app. Some of these included users asking for medical advice, legal help, or even confessing to illegal acts. Although those were believed to be errors in filtering public versus private data, they highlighted how fragile the boundaries of privacy can be when it comes to AI interactions.

The fact that this bug was found and patched before it became a wider problem is a relief. But it also serves as a reminder that as AI becomes more embedded into our personal and digital lives, protecting the data behind those conversations is no less important than protecting our emails or messages.

With AI tools becoming more conversational and personal, even a simple prompt could contain sensitive information. Whether someone is asking for relationship advice, searching health symptoms, or exploring legal questions, those interactions are deeply private and must be handled with the highest level of security.

Meta’s quick response to the issue and its reward to the researcher demonstrate a commitment to fixing problems when they arise. But for users, it is also a sign to be cautious about what they share with AI tools, especially as these systems evolve and become more integrated into daily life.

Follow Tech Moves on Instagram and Facebook for more stories on AI security, privacy updates, and how the smartest tech tools are shaping our digital future.