Indian artificial intelligence startup WotNot — which offers a business-focused AI chatbot builder used by Merck, Amneal Pharmaceuticals, and the University of California, among others — had 346,381 files leaked due to an unsecured Google Cloud Storage bucket, reports Cybernews.
Included in the files exposed by the misconfiguration, which was discovered in late August and resolved in November, were passports and national IDs, resumes, medical records, travel itineraries, and railway tickets, according to Cybernews researchers, who identified the leak. "While WotNot's scale may be modest, this leak presents a significant security and privacy threat and impact to affected individuals. The exposed personal documents provide threat actors a complete toolkit for identity theft, medical or job-related fraud, and various other scams," said researchers, who noted the importance of increased corporate data security responsibility as AI presents a new shadow IT resource. Meanwhile, WotNot urged the deletion of client content in the server as it committed to bolster its cybersecurity measures.
