Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

AI chatbot builder leaks hundreds of thousands of records online

Digital data lock on screen.

  • Researchers found over 300,000 files of personally identifiable information
  • The files are attributed to AI chatbot startup WotNot
  • It took over to months for the information to be closed after initial disclosure

A huge Google Cloud storage bucket containing 346,381 files, attributed to AI startup ‘WotNot’, has been found unprotected online, experts have warned.

The exposed files, found by researchers at CyberNews, contained a ‘treasure trove’ of personal information, including passports, medical records, and CVs, which of course include full names, contact information, and addresses.

The storage bucket was accessible to anyone without needing authorization, and was left open for over two months after initial disclosure notifications were sent.

The risk of outsourcing

WotNot provides AI chatbots to businesses, offering a ‘personalized experience’ which is ‘available 24/7, responds instantly, and totally reliable’. The startup boasts 3,000 customers, and offers its services to ‘any vertical’, like Insurance, Finance, Healthcare, SaaS, and Banking. High profile customers include the University of California, Chenening, and Amneal Pharmaceuticals.

Using third party vendors for systems and resources is incredibly common, but businesses are left at risk if their vendors are compromised. AI services especially are interconnected, so are more likely to bring an uncontrolled flow of data - especially since customers are prompted to enter identifying information to the chatbots.

This incident, and the recent Blue Yonder ransomware attack, illustrate how important robust vetting and frequent cybersecurity assessments are when collaborating with third parties.

Data leaks containing personally identifiable information put both the customer and organization at risk.

“While WotNot’s scale may be modest, this leak presents a significant security and privacy threat and impact to affected individuals. The exposed personal documents provide threat actors a complete toolkit for identity theft, medical or job-related fraud, and various other scams,” Cybernews researchers said.

On a customer level, the risk of identity theft and social engineering attacks, since personal data can be used to design phishing attacks specific to the individual, or identification documents can be used to take out loans or commit fraud.

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.