3.7M Records Exposed, Many Belonging to Sears Home Services
Briefly

"One file contained 54,359 whole chat logs, featured from start to finish. Additionally, in instances when a customer failed to end a recorded phone call, the chatbot persisted for up to four hours, recording personal conversations and other information unrelated to the purpose of the service or call."
"Fowler explains how leaked chatbot logs and internal functionality can potentially reveal system prompts, conversation flows, guardrails, tuning decisions, and the accumulated knowledge that took significant resources to develop."
"Knowing exactly how the bot decides, escalates, refuses, or complies makes it far easier to manipulate it for fraud, misinformation, or automated social engineering."
Three publicly exposed databases containing 3.7 million records related to Sears Home Services were discovered. The leak involved an AI virtual assistant used for customer support, and the exposed data included chat logs and personally identifiable information: names, email addresses, physical addresses, phone numbers, and service details. The leak also poses business risks, as competitors could reverse-engineer the AI assistant, and threat actors could use the exposed functionality to manipulate the AI for fraudulent activities. A responsible disclosure notice was sent to Transformco, after which the exposed data was no longer accessible.
Read at Securitymagazine