Cybernews researchers have revealed a significant data breach involving WotNot, an Indian AI startup specializing in building and customizing bots for businesses. A misconfigured Google Cloud Storage bucket exposed sensitive records, including passports, medical records, resumes, and other personal information, to unauthorized access.
The exposed bucket, containing 346,381 files, has showcased the severity of a single security lapse. Cybernews highlighted that the breach compromised data from WotNot’s business clients and indirectly impacted thousands of individuals downstream.
Exposed sensitive data from WotNot include names, passport numbers, and birth dates, critical for identity verification. Medical records include detailed health data, including diagnoses and treatment histories. Resumes contained home addresses, contact information, and employment history. Other documents included travel itineraries and railway tickets.
The breach exposes affected individuals to identity theft, medical fraud, and other scams.
WotNot’s customer list includes notable organizations such as Merck, University of California, Amneal Pharmaceuticals, Zydus Group, and others among its 3,000 clients.
Cybernews disclosed the issue to WotNot on September 9th, but the company took over two months and multiple follow-ups to secure the exposed data. WotNot has yet to provide further comments regarding the breach.
The WotNot chatbot development platform allows companies to create intelligent, interactive, and customized bots for various uses with minimal or no coding skills. The platform supports deploying chatbots across multiple channels, including websites, WhatsApp, Facebook Messenger, and SMS. Wotnot is based in India and the USA.
This incident adds to growing concerns about the security practices of AI startups and larger tech companies. It underscores the importance of robust cybersecurity measures to prevent similar breaches, particularly as AI systems manage increasingly sensitive data.
Baburajan Kizhakedath
