- ExpressVPN revealed massive amounts of leaked AI chatbot data
- The databases were not encrypted
- ExpressVPN urges users to be vigilant
If you heard that up to 3.7 million pieces of private user data had been made public, you might assume it was the report of a major hack. But a recent study published by ExpressVPN proves how easy it is to lose your privacy when basic security measures such as password protection and encryption are not in place.
Conducted by cybersecurity researcher Jeremiah Fowler, the report uncovered a case where massive amounts of customer data were leaked from AI-powered chatbots used by retailers for customer service.
If you’re on this page, chances are the best VPNs are already protecting your digital privacy while browsing or streaming content online, thanks to their top-notch encryption features.
But when a retailer or third-party service hasn’t taken adequate measures to protect your data, even the most tech-savvy users may not realize the enormous risks they face if leaked information falls into the wrong hands.
The findings
Fowler discovered three separate publicly available databases that were neither password protected nor encrypted and contained 3.7 million records, including personal data such as email and home addresses and phone numbers.
To give a sense of the scale of the exposed data, an initial sampling alone included 1,422,577 audio recordings of customers. Even at a glance, the data included text transcriptions totaling 3.9 TB, 207,381 Excel files, and audio recordings totaling 415.2 GB.
The limited sample included transcripts and audio files of Sears Home Services, a US retail and repair company that has embraced AI chatbots in English and Spanish aimed at automating its scheduling, phone calls and online chats.
The files contained 54,359 complete transcripts of the conversations customers had with AI chatbots and their corresponding audio recordings.
Fowler pointed out that the system also continued to record audio files if the customer had not hung up properly, meaning the audio files contained up to four hours of background conversation and huge amounts of biometric voice data.
The expert provided an overview of the data presented and shared screenshots of file system structures and the types of files they contained. These illustrated how the data could be accessed, including how audio files could be played in any web browser and the convenient user interfaces for interacting with the file system.
How to stay safe
While Fowler stated that public access to the data was immediately restricted after he sent a responsible disclosure notice to Sears Home Services’ parent company, Transformco, he remained concerned.
The study highlighted that with AI-powered automation capable of storing vast amounts of highly sensitive data, there is a significant risk that some companies will act irresponsibly and leave user data exposed – a grim scenario when estimates say deepfake-enabled fraud losses are expected to reach $40 billion by 2027.
This huge amount of data can enable hackers to link identities or copy users’ digital profiles for criminal purposes; in such cases, Virtual Private Network (VPN) tools prove useless if the weak link is the very company to whom you have voluntarily entrusted your data via chatbots or other apps.
ExpressVPN encourages users to remain vigilant and offers practical advice, including using strong passwords and taking extra precautions in sensitive situations.
Also, be careful when receiving unsolicited emails, text messages or phone calls that reference information that you may have previously shared with a company or service.
And with the rise of voice cloning fraud, agree a password with family and friends to use in the unlikely event that you receive a call from them asking for money or help.



