Introducing additional hands into the AI supply chain might not be such a great idea. Passports, detailed medical records, resumes, and other sensitive personal records were exposed in a database belonging to WotNot, an Indian AI startup that helps build and customize bots for businesses.
ChatGPT and other chatbots from major AI companies have all at one point been tricked into leaking sensitive information, raising concerns about data security and privacy.
However, what happens when you introduce an additional link in the chain to access the chatbot? Customer data might flow through additional systems, creating additional points of exposure and even more third-party vendor risks.
WotNot, a customized chatbot builder for businesses, is a perfect example of this risk materializing. On August 27th, 2024, the Cybernews research team was conducting a routine investigation using OSINT methods when they uncovered fresh indexes.
The researchers discovered a huge Google Cloud Storage bucket storing 346,381 files. The misconfigured storage was accessible to anyone without authorization and contained a treasure trove of personal data.
The bucket has been attributed to the AI startup WotNot, which lists Merck, University of California, Chenening, Amneal Pharmaceuticals, Donna Italia, Zydus Group, and other companies among its 3,000 customers.
The bucket stored a wide range of data types, which signals that it may belong to the customers of many companies. Data included:
- Passports/national IDs: this type of data is crucial for verifying identity and can be used in various identity verification processes. IDs contain vital identification information, such as full names, passport numbers, dates of birth, etc.
- Medical records: these records include detailed health information, including diagnoses, treatment histories, test results, and other confidential health data. The information provides a comprehensive view of an individual's medical history and current health status.
- Resumes: these documents contain full names, contact information, employment history, and educational background, but most importantly, sensitive data like home addresses, email addresses, and phone numbers, among other details.
- Other documents: such as travel itineraries and railway tickets.
“While WotNot’s scale may be modest, this leak presents a significant security and privacy threat and impact to affected individuals. The exposed personal documents provide threat actors a complete toolkit for identity theft, medical or job-related fraud, and various other scams,” Cybernews researchers said.
They warn that cybercriminals may attempt to use the information to open fraudulent financial accounts, file false insurance claims, and launch spearphishing attacks and other social engineering schemes.
WotNot: the bucket was used by free-tier users
“The cause for the breach was that the cloud storage bucket policies were modified to accommodate a specific use case. However, we regretfully missed thoroughly verifying its accessibility, which inadvertently left the data exposed,” WotNot said in a statement to Cybernews.
According to the company, this bucket stores files uploaded by end-users who converse with the chatbot.
“It also stores non-sensitive content such as images, brochures, and other marketing materials that do not contain any personally identifiable information. That said, we typically recommend that our customers delete such files from the server after they have been received and forwarded to their own systems,” WotNot said.
The company also clarified that the particular bucket was designated for users who were part of the free plan.
“For enterprise customers, we provide private instances to ensure security and compliance standards are strictly adhered to. We are taking this incident seriously and will further strengthen our security measures to ensure such issues do not occur in the future,” WotNot assured.
AI introduces new shadow IT resource
The WotNot chatbot development platform allows companies to create intelligent, interactive, and customized bots for various uses with minimal or no coding skills. The platform supports deploying chatbots across multiple channels, including websites, WhatsApp, Facebook Messenger, and SMS. WotNot is based in India and the USA.
The incident illustrates how businesses must recognize that their responsibility for data security extends beyond their internal systems.
“In WotNot's case, sensitive information that originated from their business clients ended up exposed, showing how one security lapse at a single vendor can compromise data from multiple companies and thousands of individuals downstream,” Cybernews researchers explained.
AI services introduce a new shadow IT resource, which is outside the organization’s direct control. Shadow IT refers to systems that are not directly controlled by the central IT department and bypass many restrictions and security measures.
The interconnected nature of AI services means that companies must secure their own systems and thoroughly vet the security practices of every partner in their AI implementation chain.
Like any other shadow IT resources, AI services increase the likelihood of uncontrolled data flows, making it more difficult to protect them and comply with regulations or best practices.
Cybernews researchers responsibly disclosed the issue to WotNot on September 9th. It took a dozen follow-up emails and more than two months for the company to close access to the leaking data.
It is unclear if any third parties or threat actors accessed the exposed WotNot data. Therefore, it is recommended to monitor access logs retrospectively, perform regular security audits, and ensure that proper access restriction and encryption security measures are in place.
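As an illustration of the access-restriction audit recommended above (an added example, not code from Cybernews or WotNot), the following Python checks Cloud Storage bucket IAM policies for bindings that grant access to everyone. The policies are constructed samples in the JSON shape exported by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`; the bucket names, project and service account are placeholders.

```python
# Principals that make a Cloud Storage IAM binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policies keyed by (placeholder) bucket name.
SAMPLE_POLICIES = {
    "example-chatbot-uploads": {"bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.objectAdmin", "members": [
            "serviceAccount:uploader@example-project.iam.gserviceaccount.com"]},
    ]},
    "example-marketing-assets": {"bindings": [
        {"role": "roles/storage.legacyObjectReader",
         "members": ["allAuthenticatedUsers"],
         "condition": {"title": "brochures-only"}},
    ]},
    # A policy with no bindings at all: nothing is granted, nothing to flag.
    "example-enterprise-private": {"etag": "CAE="},
}

def public_bindings(policy):
    """Return one finding per (role, public member) pair in an IAM policy."""
    findings = []
    for binding in policy.get("bindings", []):
        condition = binding.get("condition")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append({
                    "role": binding["role"],
                    "member": member,
                    # Conditional grants are still reported, with the condition title.
                    "condition": condition["title"] if condition else None,
                })
    return findings

def audit(policies):
    """Map bucket name -> findings, keeping only buckets with public access."""
    report = {}
    for bucket, policy in policies.items():
        found = public_bindings(policy)
        if found:
            report[bucket] = found
    return report

if __name__ == "__main__":
    for bucket, found in audit(SAMPLE_POLICIES).items():
        for f in found:
            scope = f"conditional ({f['condition']})" if f["condition"] else "unconditional"
            print(f"{bucket}: {f['member']} has {f['role']} [{scope}]")
```

This covers IAM bindings only; on buckets without uniform bucket-level access, object ACLs can also grant `allUsers` and need a separate check.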
Disclosure timeline
- August 27th, 2024: Leak discovered.
- September 9th, 2024: Initial disclosure email sent and multiple follow-up emails, including alternative email addresses.
- November 12th, 2024: Instances closed to the public.
Updated on December 2nd [08:10 a.m. GMT] with a statement from WotNot