“Abusing”
From what I heard, all they did is ask to reset a password. Is that “abuse”, or a failure of the chatbot?
failure of a company
that’s gotta be among the dumbest ways to get hacked
“The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account,” said Meta in its breach notice.
Why is the chatbot providing the e-mail address in the first place? It should just have a function it can call that triggers an account reset mail to be sent for a given account, with no other parameters.
This statement reads like they wanted to shield their use of AI from critique, but in making it, they’ve admitted to a level of carelessness which could very well get them sued under the GDPR. What a load of hubris.
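The interface suggested in the comment above (a reset function that takes only the account), sketched as an added example; it is not code from the thread or from Meta. All names, the account store and the addresses are constructed, and the flawed variant is an assumption about the shape of the bug described in the quoted notice.

```python
import inspect

# Constructed account store: account id -> email address on file.
ACCOUNTS = {"alice": "alice@example.com"}
OUTBOX = []  # (recipient, account) pairs; stands in for a mail service


def send_reset_mail(recipient, account):
    OUTBOX.append((recipient, account))
    return recipient


def reset_tool_with_email(account, email):
    """Flawed shape: the caller (here, the chatbot) picks the destination."""
    if account not in ACCOUNTS:
        raise KeyError(account)
    # Missing check: email is never compared with ACCOUNTS[account].
    return send_reset_mail(email, account)


def reset_tool_account_only(account):
    """Suggested shape: no email parameter, destination looked up server-side."""
    on_file = ACCOUNTS.get(account)
    if on_file is None:
        raise KeyError(account)
    return send_reset_mail(on_file, account)


def dispatch(tool, model_args):
    """Call a tool with model-produced arguments, rejecting any argument the
    tool does not declare, so a stray 'email' never reaches the backend."""
    allowed = set(inspect.signature(tool).parameters)
    extra = set(model_args) - allowed
    if extra:
        raise ValueError(f"unexpected tool arguments: {sorted(extra)}")
    return tool(**model_args)


if __name__ == "__main__":
    args = {"account": "alice", "email": "someone-else@example.net"}
    print("with email param :", dispatch(reset_tool_with_email, args))
    print("account only     :", dispatch(reset_tool_account_only, {"account": "alice"}))
    try:
        dispatch(reset_tool_account_only, args)
    except ValueError as err:
        print("rejected         :", err)
```

With the account-only signature there is no input left to verify, so a missed comparison in another code path cannot redirect the mail.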



