ADVERTISEMENT

Hello, this is your chatbot leaking: WotNot exposes 346K sensitive customer files

Introducing additional hands into the AI supply chain might not be such a great idea. Passports, detailed medical records, resumes, and other sensitive personal records were exposed in a database belonging to WotNot, an Indian AI startup that helps build and customize bots for businesses.

WotNot research

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Nov 28, 2024 Updated: 2 December 2024 3 min read
  • Passports/national IDs: this type of data is crucial for verifying identity and can be used in various identity verification processes. IDs contain vital identification information, such as full names, passport numbers, dates of birth, etc.
  • Medical records: these records include detailed health information, including diagnoses, treatment histories, test results, and other confidential health data. The information provides a comprehensive view of an individual's medical history and current health status.
  • Resumes: documents contain full names, contact information, employment history, educational background, but most importantly, sensitive data like home addresses, email addresses, and phone numbers, among other details
  • Other documents: such as travel itineraries and railway tickets.
leaked-id-wotnot

WotNot: the bucket was used by free-tier users

ADVERTISEMENT

AI introduces new shadow IT resource

Paulina Okunyte Paulius Grinkevičius B&W Niamh Ancell Jurgita Lapienyte
Don’t miss our latest stories on Google News
Add us as your Preferred Source on Google.

Disclosure timeline

  • August 27th, 2024: Leak discovered.
  • September 9th, 2024: Initial disclosure email sent and multiple follow-up emails, including alternative email addresses.
  • November 12th, 2024: Instances closed to the public.
ADVERTISEMENT