Eurostar chatbot security flaws almost left customers exposed to possible security threats

Pen Test Partners found flaws in Eurostar’s AI chatbot, including weak validation and HTML injection
Eurostar says customer data was never at risk; vulnerabilities have since been mitigated
Palo Alto warns rapid AI adoption expands cloud attack surfaces via misconfigurations and non‑human identities

Eurostar’s recently-introduced AI-powered customer support chatbot was marred with cybersecurity vulnerabilities that opened the doors to a multitude of potential risks, experts have warned.

Researchers at Pen Test Partners discovered the chatbot properly validated only the most recent messages in a conversation, meaning older messages could be altered to contain a malicious prompt. That prompt could be virtually anything, from revealing system information, to (possibly) exfiltrating sensitive customer data.

“Customers were never at risk”

The expers found there were other weaknesses in the system, as well, including conversation and message IDs that weren’t properly verified, or an HTML injection flaw that enables running JavaScript directly in the chat window.

Pen Test Partners seem to be the first to have discovered these vulnerabilities: “No attempt was made to access other users’ conversations or personal data”, the researchers explained. “But the same design weaknesses could become far more serious as chatbot functionality expands”.

City AM: “The chatbot did not have access to other systems and more importantly no sensitive customer data was at risk. All data is protected by a customer login.”

Many businesses are rushing to deploy AI tools, however, rapid enterprise adoption is significantly expanding cloud attack surfaces and putting businesses at more risk than ever before.

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

https://cdn.mos.cms.futurecdn.net/sznf77KCpqsDAMqC6ocNGR-970-80.jpg

Source link

LG announces next-gen version of its best OLED TV tech — oh, and it’s changing the name

Watch out – RAM rip-offs are now in vogue, so here’s how to avoid falling for high-end memory scams

NHS England tech provider reveals data breach – DXS International hit by ransomware

‘It’s business as usual. The app is working, warranties will be honored’ — iRobot CEO reassures Roomba owners following takeover

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Enterprise Products Partners' SWOT analysis: midstream giant's stock resilience tested

JetBlue's SWOT analysis: airline stock faces turbulence amid strategic shifts

Minnesota lawmaker killed on Saturday served with compassion, governor says

Minnesota shooting suspect told friend in text message: I might be dead soon

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays