Search
Get in Touch
News

Eurostar chatbot security flaws almost left customers exposed to possible security threats

TechRadar
TechRadar
  • Pen Test Partners found flaws in Eurostar’s AI chatbot, including weak validation and HTML injection
  • Eurostar says customer data was never at risk; vulnerabilities have since been mitigated
  • Palo Alto warns rapid AI adoption expands cloud attack surfaces via misconfigurations and non‑human identities

Eurostar’s recently-introduced AI-powered customer support chatbot was marred with cybersecurity vulnerabilities that opened the doors to a multitude of potential risks, experts have warned.

Researchers at Pen Test Partners discovered the chatbot properly validated only the most recent messages in a conversation, meaning older messages could be altered to contain a malicious prompt. That prompt could be virtually anything, from revealing system information, to (possibly) exfiltrating sensitive customer data.

Luckily, Eurostar did not connect its customer information database with the chatbot, so at the time of discovery, there was no direct risk of data leakage happening.

“Customers were never at risk”

The expers found there were other weaknesses in the system, as well, including conversation and message IDs that weren’t properly verified, or an HTML injection flaw that enables running JavaScript directly in the chat window.

Pen Test Partners seem to be the first to have discovered these vulnerabilities: “No attempt was made to access other users’ conversations or personal data”, the researchers explained. “But the same design weaknesses could become far more serious as chatbot functionality expands”.

Eurostar emphasized customer data was never at risk, telling City AM: “The chatbot did not have access to other systems and more importantly no sensitive customer data was at risk. All data is protected by a customer login.”

Many businesses are rushing to deploy AI tools, however, rapid enterprise adoption is significantly expanding cloud attack surfaces and putting businesses at more risk than ever before.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Read more @ TechRadar

Previous article
Log into GTA Online this week for free gifts as the Christmas update rolls on
Next article
Nord VPN ups its game in open-source, with Linux-based package for OpenWrt routers
TechRadar
TechRadar

Latest posts

We translated the Palantir manifesto for actual human beings

The Verge - 0
Palantir CEO Alex Karp is a man in charge of one of the most important and frightening companies in the world. Karp's new book,...

SpaceX cuts a deal to maybe buy Cursor for $60 billion

The Verge - 0
With an IPO looming for Elon Musk's SpaceX / xAI / X combo platter of companies, SpaceX has announced an odd arrangement to either...

YouTube is muting push notifications from channels you don’t watch

Engadget - 0
YouTube notifications can get messy fast, particularly if you’re subscribed to a lot of different channels. To address that, today the company will begin...

Cash App now supports accounts for kids 6-12

Engadget - 0
Cash App, the banking and payments app run by Block, has added support for parent-managed kids accounts. The new accounts include key benefits from...

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic’s Claude Mythos

Engadget - 0
Anthropic's buzzy announcement about using AI to improve cybersecurity earlier this month was met with plenty of skepticism. However, Mozilla shared some details that...

SpaceX and Cursor strike partnership that might end in a $60 billion acquisition

Engadget - 0
SpaceX and AI company Cursor have struck a new partnership that could see the owner of X buy the AI company for $60 billion...

Google Wallet adds Live Update for flight tracking

9to5google - 0
As previously teased, Google Wallet for Android now offers Live Updates for tracking your current flight. Read more @ 9to5google

The AirPods are Tim Cook’s most underrated achievement

The Verge - 0
The AirPods changed the direction of true wireless earbuds and became Apple’s most important accessory. | Photography by Amelia Holowaty Krales / The Verge Apple...

Framework is building a better couch keyboard because everyone hates the Logitech one

The Verge - 0
If you have a wireless keyboard with a touchpad that lets you control your PC from across the room, chances are it's a Logitech...

Framework’s first eGPUs turn its laptop into a desktop PC

The Verge - 0
Remember when Framework made the first laptop where you can easily upgrade its entire internal video card in three minutes flat? The company's getting...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!

The AIVAnet is a collector and classifier of app news articles and online technology news, which works automatically by collecting and collating the RSS feeds from popular sites (IOS news feed,latest tablet news, etc.).

The articles deal with mobile app reviews, especially with android reviews, and IOS. One of the central thematic axes is also the comparisons. You can find articles with tablet reviews, comparisons and mobile OS systems or mobile OS stats.

We also provide some of the most popular app news express, for android and IOS or windows phone. The online technology news that you can find in our pages are just opinions and ideology, allowing you to see how different news agencies present the same news.

AIVAnet is supported by Cloud Services Store

About Us

© AIVAnet | All rights reserved