AI chatbot builder leaks hundreds of thousands of records online


  • Researchers found over 300,000 files of personally identifiable information
  • The files are attributed to AI chatbot startup WotNot
  • It took over two months for access to the information to be closed after initial disclosure

A huge Google Cloud storage bucket containing 346,381 files, attributed to AI startup ‘WotNot’, has been found unprotected online, experts have warned.

The exposed files, found by researchers at Cybernews, contained a ‘treasure trove’ of personal information, including passports, medical records, and CVs, which of course include full names, contact information, and addresses.

The storage bucket was accessible to anyone without needing authorization, and was left open for over two months after initial disclosure notifications were sent.

The risk of outsourcing

WotNot provides AI chatbots to businesses, offering a ‘personalized experience’ which is ‘available 24/7, responds instantly, and totally reliable’. The startup boasts 3,000 customers, and offers its services to ‘any vertical’, like Insurance, Finance, Healthcare, SaaS, and Banking. High-profile customers include the University of California, Chenening, and Amneal Pharmaceuticals.

Using third-party vendors for systems and resources is incredibly common, but businesses are left at risk if their vendors are compromised. AI services especially are interconnected, so they are more likely to bring an uncontrolled flow of data - especially since customers are prompted to enter identifying information into the chatbots.

This incident, and the recent Blue Yonder ransomware attack, illustrate how important robust vetting and frequent cybersecurity assessments are when collaborating with third parties.

Data leaks containing personally identifiable information put both the customer and organization at risk.

“While WotNot’s scale may be modest, this leak presents a significant security and privacy threat and impact to affected individuals. The exposed personal documents provide threat actors a complete toolkit for identity theft, medical or job-related fraud, and various other scams,” Cybernews researchers said.

On a customer level, the risk is identity theft and social engineering attacks, since personal data can be used to design phishing attacks specific to the individual, and identification documents can be used to take out loans or commit fraud.


Ellen Jennings-Trace
Staff Writer
