- ExpressVPN discovered huge amounts of data leaked by an AI chatbot
- Databases were not encrypted
- ExpressVPN calls on users to be vigilant
If you learn that up to 3.7 million private user records have been made public, you might very well assume that this is a report of a major hack. However, a recent report published by ExpressVPN shows how easy it is to lose your privacy when basic security measures such as password protection and encryption are not in place.
Conducted by cybersecurity researcher Jeremiah Fowler, the report revealed a case in which huge amounts of customer data were leaked by AI-powered chatbots used by retailers for customer service.
If you’re on this page, chances are the best VPNs already protect your digital privacy when you browse or stream online, thanks to their top-notch encryption features.
But when a retailer or third-party service hasn’t taken adequate steps to protect your data, even the most tech-savvy users may not realize the enormous risks they face if the disclosed information falls into the wrong hands.
The findings
Fowler discovered three separate publicly accessible databases that were neither password protected nor encrypted and contained 3.7 million records, including personal data such as email and home addresses and phone numbers.
To illustrate the scale of the exposure, an initial sampling alone included 1,422,577 customer audio recordings. By volume, this included text transcriptions totaling 3.9 TB, 207,381 Excel files, and audio recordings totaling 415.2 GB.
The limited sample contained transcripts and audio files belonging to Sears Home Services, an American retail and repair company that adopted English and Spanish AI chatbots in an effort to automate its scheduling, phone calls, and online chats.
The files contained 54,359 full transcripts of conversations customers had with the AI chatbots and their corresponding audio recordings.
Fowler pointed out that the system also continued to record audio files if the customer had not hung up properly, meaning the audio files contained up to four hours of background talk and large amounts of biometric voice data.
The expert provided an overview of the exposed data, sharing screenshots of file system structures and the file types they contain. These illustrated how the data could be accessed, including how audio files could be played in any web browser and the convenient user interfaces provided for interacting with the file system.
How to stay safe
Even though Fowler said public access to the data was immediately restricted after he sent a responsible disclosure notice to Sears Home Services' parent company Transformco, he remained concerned.
The investigation highlighted that with AI-based automation capable of storing huge amounts of highly sensitive data, there is a significant risk that some companies will act irresponsibly and expose user data – a grim scenario as estimates indicate that losses from deepfake fraud are expected to reach $40 billion by 2027.
This large amount of data could allow hackers to link identities or reproduce users’ digital profiles for criminal purposes. In such cases, virtual private network (VPN) tools prove useless if the weak link is the very company you voluntarily entrusted your data to via chatbots or other applications.
ExpressVPN urges users to stay vigilant and offers practical advice, including using strong passwords and taking extra precautions in sensitive situations.
Also, be careful when receiving unsolicited emails, text messages, or phone calls that reference information you may have already shared with a company or service.
And with the rise of voice cloning scams, agree on a password with family and friends to use in the unlikely event that you receive a call from them asking for money or help.




