How did hackers exploit Microsoft Copilot?

Hackers exploited a vulnerability where Copilot processed malicious URLs embedded in prompts, leading to sensitive data exfiltration.

Was Microsoft 365 Copilot affected by the Reprompt exploit?

No, the Reprompt exploit specifically targeted and affected Copilot Personal; Microsoft 365 Copilot was not impacted.

What kind of data could be stolen from Microsoft Copilot?

The attack could exfiltrate user data such as names, locations, and details from the user's Copilot chat history.

Home / Technology / Copilot Hack: Sensitive Data Leaked Via Single Click

Copilot Hack: Sensitive Data Leaked Via Single Click

15 Jan

•

Summary

Hackers exploited Copilot's URL prompt feature to steal user data.
The vulnerability bypassed enterprise security controls and detection.
Microsoft has since fixed the exploit affecting Copilot Personal.

Copilot Hack: Sensitive Data Leaked Via Single Click

Security researchers have uncovered a significant vulnerability within Microsoft's Copilot Personal AI assistant, enabling attackers to access sensitive user information. The exploit, dubbed Reprompt by its discoverers Varonis, leveraged a flaw in how Copilot processed URLs embedded within prompts. By clicking a single malicious link, users could inadvertently trigger the exfiltration of personal data, such as their name and location.

The attack proved effective against enterprise security systems, operating even after the user terminated the Copilot session. Researchers found that guardrails implemented by Microsoft were not robust enough to prevent repeated prompt injections, which allowed the malicious data extraction to continue in stages. This bypass allowed hackers to glean details directly from the user's chat history.