Disclosure of a vulnerability in AI Dungeon that enabled accessing all users' private adventures, scenarios, and posts via its GraphQL API
This data is scraped automatically and may be incorrect.
- Word count
- 2886 words
That kinda makes sense, as a lot of people would be impressed by AI Dungeon and maybe give it a round or two before getting bored, but the people who would keep coming back over and over would likely have ulterior motivations.
It was a good bug report and their recommendations all make sense. I'm a little disappointed that they decided to leak the entire chat histories though, even if it has been anonymized. That seems to exceed the purview of responsible disclosure and move into malicious leak territory.
This + the moderators being able to read stories marked as private seem like they would make for very bad PR. Too bad in most online spaces people latched on to the "pedos mad" argument instead of actually confronting the data leak and the massive breach of trust with reading private scenarios.
although maybe people should've known better than trusting everything they uploaded to a server would remain "private."