Khaberni - ExpressVPN, a leader in privacy and digital security services, revealed the results of a shocking investigation by cybersecurity researcher "Jeremy Fowler", where an unprotected public database was found containing more than 3.7 million records of sensitive leaked data belonging to chatbot (AI Chatbots) clients of large retail companies.
The report confirmed that the lack of basic security measures, such as data encryption and password protection, exposed the privacy of millions of users to risk.
The leaked data included text and voice messages, home addresses, phone numbers, and even private voice recordings that lasted several hours, putting users directly under threat from cyberattacks and scams.
Details of the exposed data
The researcher "Jeremy Fowler" explained that he found three separate databases that were publicly accessible without any encryption, and these databases included the following:
- Voice recordings: More than 1.4 million voice recordings of customers (totaling 415.2 GB).
- Text files: Written transcripts of the conversations totaling 3.9 terabytes.
- Excel files: 207,381 files containing organizational data and contact information.
- Personal data: Included names, email addresses, home addresses, and phone numbers.
Involvement of major companies
The investigation revealed that a limited sample of the data belonged to Sears Home Services, an American company specializing in home services and repair.
The company uses chatbots in both English and Spanish to automate calls and scheduling.
It is concerning that the system continued to record audio even in cases where the customer did not properly hang up the phone, resulting in the recording of private background conversations that lasted up to 4 hours in some files, revealing huge amounts of biometric data of the customer's voice.
Security challenges and the future of fraud
ExpressVPN confirmed that virtual private network (VPN) tools remain essential to protect the user while browsing, but become ineffective if the company entrusted by the user with their data (through chatbots) lacks basic security standards.
It is notable that this leak comes at a time when forecasts suggest that losses from "deepfake" supported fraud will reach $40 billion by 2027, thus hackers possessing such quantities of voice fingerprints and personal data facilitates unprecedented identity theft operations.
ExpressVPN recommendations for staying safe:
- Be cautious in dealings: Exercise caution when sharing sensitive information with automated chatbots.
- Scrutinize communications: Beware of emails or calls claiming knowledge of private information previously shared with a company.
- Family password: Due to the prevalence of voice cloning, the company recommends agreeing on a "password" between family members and friends to confirm identities in case of receiving calls asking for financial help.
- Secure accounts: Use strong and unique passwords for all digital platforms.
According to the ExpressVPN report, access to the leaked data was restricted immediately after a liability notice was sent to Transformco (the parent company of Sears Home Services), but the investigation remains a stark reminder of the need for comprehensive encryption in the era of artificial intelligence.
