AI chatbot builder leaks hundreds of thousands of records online

WotNot Chatbot data found exposed online

· TechRadar

News By Ellen Jennings-Trace published 29 November 2024

(Image credit: Shutterstock)
  • Researchers found over 300,000 files of personally identifiable information
  • The files are attributed to AI chatbot startup WotNot
  • It took over to months for the information to be closed after initial disclosure

A huge Google Cloud storage bucket containing 346,381 files, attributed to AI startup ‘WotNot’, has been found unprotected online, experts have warned.

The exposed files, found by researchers at CyberNews, contained a ‘treasure trove’ of personal information, including passports, medical records, and CVs, which of course include full names, contact information, and addresses.

The storage bucket was accessible to anyone without needing authorization, and was left open for over two months after initial disclosure notifications were sent.

The risk of outsourcing

WotNot provides AI chatbots to businesses, offering a ‘personalized experience’ which is ‘available 24/7, responds instantly, and totally reliable’. The startup boasts 3,000 customers, and offers its services to ‘any vertical’, like Insurance, Finance, Healthcare, SaaS, and Banking. High profile customers include the University of California, Chenening, and Amneal Pharmaceuticals.

Using third party vendors for systems and resources is incredibly common, but businesses are left at risk if their vendors are compromised. AI services especially are interconnected, so are more likely to bring an uncontrolled flow of data - especially since customers are prompted to enter identifying information to the chatbots.

This incident, and the recent Blue Yonder ransomware attack, illustrate how important robust vetting and frequent cybersecurity assessments are when collaborating with third parties.

Data leaks containing personally identifiable information put both the customer and organization at risk.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors