Imagine trusting a tech company to handle your data securely, only to find out they’ve left sensitive files wide open for anyone to access. That’s exactly what happened with Ahmedabad-based AI startup WotNot, known for helping businesses create custom chatbots.
Due to a misconfigured cloud storage bucket, nearly 350,000 sensitive files were left exposed online, raising serious concerns about the company’s data security practices.
Let’s dive into what went wrong and what this means for businesses and users alike.
What Happened?
On August 27, 2024, Cybernews researchers uncovered a shocking security lapse: an unprotected Google Cloud Storage bucket containing a staggering 346,381 files. Among the exposed files were:
- Passport and identity document scans
- Medical records
- Resumes
- Travel itineraries
Even more alarming, this sensitive information was accessible without a password or any authentication—essentially left wide open for anyone to exploit. Such negligence puts users at serious risk, as cybercriminals could easily use this data for identity theft and other harmful activities.
Delayed Response
Cybernews reached out to WotNot to alert them about the issue on September 9, 2024. Despite sending multiple follow-up emails, including to alternative email addresses, it took WotNot more than two months to secure the exposed data.
WotNot explained that the breach stemmed from modifications to cloud storage bucket policies to accommodate specific use cases. However, they admitted to failing to thoroughly verify the bucket’s accessibility, which left the data exposed.
Takeaway
Until AI platforms adopt stricter safeguards, it’s wise to avoid sharing sensitive information with chatbots or similar tools. Your privacy is too valuable to leave in the hands of a company that might not treat it with the respect it deserves.
How can OptfinITy Help?
OptfinITy works with our clients to make sure they understand the tools and software they use before potentially making these mistakes. Would you like to learn more, contact us at OptfinITy by calling 703-790-0400 or send an email to sales@optfinITy.com today.
Leave a Reply