Friday, 18 July 2025
28.6 C
Singapore
28.7 C
Thailand
15 C
Indonesia
27.4 C
Philippines

AI chatbot builder leaks private data online

AI startup WotNot exposed 346,381 sensitive files online, risking identity theft and fraud. Learn about the breach and its impact.

A major data breach involving an AI startup has exposed sensitive personal information online, putting thousands at risk of identity theft and fraud. Experts from CyberNews uncovered an unsecured Google Cloud storage bucket belonging to WotNot, an AI chatbot provider, which contained a staggering 346,381 files.

The exposed documents included passports, CVs, medical records, and other sensitive details such as full names, contact information, and addresses. The storage bucket was openly accessible without the need for authorisation and remained exposed for over two months after initial warnings were sent.

What happened at WotNot?

WotNot is a startup specialising in AI-powered chatbots, offering businesses around-the-clock virtual customer support. With over 3,000 clients in industries such as insurance, finance, healthcare, and banking, the company provides services to high-profile customers, including the University of California, Chenening, and Amneal Pharmaceuticals.

Despite its advanced offerings, WotNot’s oversight highlights a significant risk in relying on third-party vendors for essential systems. Businesses often use external services to save resources and enhance efficiency, but such partnerships can introduce vulnerabilities. This breach underscores the need for stricter cybersecurity measures, especially when handling sensitive customer data.

AI services, which often require users to input personal information into automated systems, are particularly susceptible to data leaks. In WotNot’s case, the breach leaves its clients and users vulnerable to identity theft, phishing scams, and other forms of fraud.

The dangers of data leaks

Cybersecurity experts warn that this breach represents a substantial risk to affected individuals and businesses. CyberNews states, “The exposed personal documents provide threat actors a complete toolkit for identity theft, medical or job-related fraud, and various other scams.”

Individually, leaked data can be exploited for targeted phishing attacks or used to commit financial fraud, such as taking out loans under stolen identities. For organisations, these leaks can damage reputation, incur legal penalties, and lose customer trust.

Recent incidents, like this breach and the Blue Yonder ransomware attack, serve as reminders of the importance of robust cybersecurity. Businesses must regularly vet and monitor third-party vendors, particularly when managing interconnected systems like AI services. As reliance on digital platforms grows, so does the need for rigorous data protection practices.

Moving forward

This incident highlights the pressing need for stricter data protection standards within the tech industry. For WotNot, the focus must shift to addressing the vulnerabilities that allowed such a breach to occur. For other businesses, the takeaway is clear: cybersecurity should be a priority, not an afterthought.

This breach is a stark reminder that even modestly sized companies can pose significant security threats if proper safeguards are not in place. Whether it’s an AI chatbot or another digital tool, businesses must ensure the safety of their customers’ data to maintain trust and credibility.

Hot this week

Salesforce expands Hyperforce services in Indonesia with local data residency

Salesforce brings local data residency and AI-driven services to Indonesia with the expansion of Hyperforce and new platform tools.

Google Pixel 10 Pro Fold: Five major upgrades you need to know about

The Pixel 10 Pro Fold could rival Samsung and Vivo with a brighter display, better battery, 1TB storage, and IP68 protection, according to leaks.

Vivo joins the foldable race with new X Fold5 featuring ZEISS cameras and a huge battery

The Vivo X Fold5 offers foldable power with ZEISS cameras, a 6,000mAh battery, and multitasking software, all in a slim and lightweight design.

WeTransfer clears up AI concerns after backlash over new terms

WeTransfer clarifies that it won’t use your files to train AI, following backlash over its updated terms of service that raised user concerns.

Huawei targets AI chip expansion in the Middle East and Southeast Asia

Huawei aims to sell AI chips in the Middle East and Southeast Asia to compete with Nvidia and grow its international market reach.

Grok chatbot now barred from referencing Elon Musk or calling itself Hitler, says xAI

Grok chatbot no longer allowed to reference Elon Musk or call itself Hitler, as xAI enforces new rules to stop offensive replies.

Tenable uncovers remote code execution flaw in Oracle Cloud Code Editor

Tenable discovered an RCE flaw in Oracle Cloud Code Editor that allowed attackers to exploit Cloud Shell; the issue has since been fixed.

Garmin introduces Descent S1 buoy to enhance dive communication and safety

Garmin launches the Descent S1 Buoy in Singapore to improve diver tracking, messaging and safety through advanced sonar technology.

Salesforce expands Hyperforce services in Indonesia with local data residency

Salesforce brings local data residency and AI-driven services to Indonesia with the expansion of Hyperforce and new platform tools.

Related Articles

Popular Categories