Comment by simonw

2 hours ago

> All the Telegram groups have quieted down as Meta seems to have patched it already, but it appears this particular method was active for weeks, if not months.

Is that for real? I find it hard to believe that an exploit THIS simple and easy to abuse managed to stay live for weeks or months.

I'm inclined to believe it. As someone who studies this side of the Internet quite often and has seen equally trivial exploits stay active for weeks or months without being patched, I have no trouble believing this claim. I'm sure there are messages in Telegram channels from weeks or months ago that corroborate this.

When your job is on the line, you use AI like your boss tells you to. Implement the spec and move on. No time to think about security; if you delay this feature, it's your ass.