Meta fixed the bug that let anyone trick its Meta AI chatbot into resetting the password on Instagram accounts that didn't have two-factor authentication.
“The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,” said Meta in its breach notice.
Why is the chatbot providing the e-mail address in the first place? It should just have a function it can call that triggers an account reset mail to be sent for a given account, with no other parameters.
This statement reads like they wanted to shield their use of AI from critique, but in making it, they’ve admitted to a level of carelessness which could very well get them sued under the GDPR. What a load of hubris.
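The design suggested in the comment above, sketched as an added example (not Meta's code and not part of the original post): the tool accepts only an account identifier, and the mail always goes to the address on file. The names `ACCOUNTS`, `OUTBOX`, `reset_tool` and `reset_with_claimed_email` are hypothetical, and the sample data is constructed.

```python
import hmac

# Constructed sample data: account store and an outbox standing in for a mailer.
ACCOUNTS = {"alice": "alice@example.com", "bob": "bob@example.org"}
OUTBOX = []

ALLOWED_ARGS = {"account_id"}  # the tool's entire parameter surface


def _send_reset(account_id):
    """Queue a reset mail to the address on file, never a caller-supplied one."""
    OUTBOX.append((account_id, ACCOUNTS[account_id]))


def reset_tool(args):
    """Tool handler in the shape the comment proposes: account only.

    `args` is the untrusted argument dict produced by the model.
    Returns a fixed status string so nothing about the account leaks back.
    """
    extra = set(args) - ALLOWED_ARGS
    if extra:
        # Reject rather than ignore, so a model-supplied "email" shows up in logs.
        raise ValueError(f"unexpected tool arguments: {sorted(extra)}")
    account_id = args.get("account_id")
    if isinstance(account_id, str) and account_id in ACCOUNTS:
        _send_reset(account_id)
    # Same response whether or not the account exists.
    return "If the account exists, a reset mail was sent to its address on file."


def reset_with_claimed_email(account_id, claimed_email):
    """If an email must be accepted, it is only a check, never the destination."""
    on_file = ACCOUNTS.get(account_id)
    if on_file is None or not isinstance(claimed_email, str):
        return False
    a = claimed_email.strip().lower().encode()
    b = on_file.lower().encode()
    if not hmac.compare_digest(a, b):
        return False
    _send_reset(account_id)  # still goes to the stored address
    return True
```

The second function covers the case in Meta's statement, where an email is part of the request: it is compared against the stored address and then discarded.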