Vulnerability Management, Penetration Testing, AI/ML

Eurostar chatbot bug disclosures prompt blackmail allegations

Customer support chat and communication icons hovering above smartphone with laptop showing online virtual assistant technology interface in dark digital business background

Western European high-speed rail service operator Eurostar has accused Pen Test Partners researchers of blackmail after their disclosure of four security flaws impacting the firm's AI chatbot through its vulnerability disclosure program, The Register reports.

After having its reports on the vulnerabilities which include a HTML injection issue that could be exploited to displlay illicit code or a phishing link and a stored cross-site scripting bug that could enable session takeovers and secrets compromise through the firm's VDP ignored in June, Pen Test Partners was then urged to submit its report by mid-July, only to learn that there has been no record of the report, according to the penetration testing and security consulting firm.

Fixes were eventually issued by Eurostar for certain vulnerabilities, prompting Pen Test Partners to publish its blog. However, Eurostar later alleged that the researchers were engaging in blackmail during a back-and-forth on LinkedIn, said researchers.

Such claims from Pen Test Partners have yet to be acknowledged by Eurostar, which has also yet to detail whether all of the identified chatbot flaws have already been addressed.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds