- ExpressVPN Discovered Massive Amounts of Leaked AI Chatbot Data
- The databases were not encrypted.
- ExpressVPN urges users to be vigilant
If you hear that up to 3.7 million private user records have been made public, you might well assume that this is the report of a major hack. However, recent research published by ExpressVPN demonstrates how easy it is to lose privacy when basic security measures such as password protection and encryption are not in place.
Conducted by cybersecurity researcher Jeremiah Fowler, the report uncovered a case where massive amounts of customer data were leaked from AI-powered chatbots used by retailers for customer service.
If you’re on this page, chances are the best VPNs already protect your digital privacy while you browse or stream content online, thanks to their top-notch encryption features.
But when a retailer or third-party service hasn’t taken adequate steps to protect your data, even the most tech-savvy users may not realize the enormous risks they are subject to if leaked information falls into the wrong hands.
The findings
Fowler discovered three separate, publicly accessible databases that were neither password protected nor encrypted and contained 3.7 million records, including personal data such as email, home addresses and phone numbers.
To illustrate the scale of the exposure, even an initial sample included 1,422,577 audio recordings of clients. By volume, this included text transcripts totaling 3.9TB, 207,381 Excel files, and audio recordings totaling 415.2GB.
The limited sample contained transcripts and audio files belonging to Sears Home Services, a US retail and repair company that has adopted AI chatbots in English and Spanish in order to automate its scheduling, phone calls and online chats.
The files contained 54,359 full transcripts of conversations customers had with AI chatbots and their corresponding audio recordings.
Fowler noted that the system also continued to record audio files if the customer had not hung up properly, meaning the audio files contained up to four hours of background conversation and large amounts of biometric voice data.
The expert provided an overview of the data presented and shared screenshots of the file system structures and the file types they contained. These illustrated how the data could be accessed, including how the audio files could be played in any web browser and the convenient user interfaces provided for interacting with the file system.
How to stay safe
While Fowler claimed that public access to the data was restricted immediately after sending a responsible disclosure notice to Sears Home Services’ parent company, Transformco, he remained concerned.
The research highlighted that since AI-powered automation is capable of storing massive amounts of highly sensitive data, there is a significant risk that some companies will act irresponsibly and leave user data exposed – a grim scenario when estimates say deepfake-enabled fraud losses are forecast to reach $40 billion by 2027.
This large amount of data could allow hackers to link identities or replicate users’ digital profiles for criminal purposes. In such cases, virtual private network (VPN) tools are useless if the weak link is the same company to which you have voluntarily entrusted your data through chatbots or other applications.
ExpressVPN encourages users to stay alert and offers practical advice, including using strong passwords and taking extra precautions in sensitive situations.
Also, be cautious about unsolicited emails, text messages or phone calls that reference information that you may have previously shared with a company or service.
And with the rise of voice cloning scams, agree on a password with family and friends to use in the unlikely event that you receive a call asking for money or help.