3.7M Records Exposed, Many Belonging to Sears Home Services

Cybersecurity researcher Jeremiah Fowler discovered three different publicly exposed databases containing 3.7 million records; all of the data he observed appeared to belong to Sears Home Services. The data leak affected an AI virtual assistant used for customer support services (such as managing scheduling, online chats, and phone calls).
Exposed records included:
- Audio recordings
- Phone call text transcriptions
- Chat log transcriptions
One file contained 54,359 complete chat logs, captured from start to finish. Additionally, in instances where a customer failed to end a recorded phone call, the chatbot kept recording for up to four hours, capturing personal conversations and other information unrelated to the purpose of the service or call.
Within the exposed records, the personally identifiable information (PII) of customers could be accessed. This data included:
- Names
- Email addresses
- Physical addresses
- Phone numbers
- Service details (with information such as products, accounts, repairs or delivery appointments)
Data leaks like this could have business and security ramifications. Fowler explains how leaked chatbot logs and internal functionality “can potentially reveal system prompts, conversation flows, guardrails, tuning decisions, and the accumulated knowledge that took significant resources to develop,” warning that if leaked, a business competitor could hypothetically reverse-engineer the AI assistant, skipping years of research and construction in order to launch a similar product at a lower expense.
From a security standpoint, Fowler points out that threat actors could leverage the exposed functionality to find vulnerabilities, evade security measures, and exploit the AI assistant at scale. “Knowing exactly how the bot decides, escalates, refuses, or complies makes it far easier to manipulate it for fraud, misinformation, or automated social engineering,” Fowler warns.
A responsible disclosure notice was sent to Transformco, Sears Home Services’ parent company. The database was made inaccessible the following day. Fowler was informed that his notice had been forwarded to an individual managing the AI chatbot; however, Fowler received no reply, nor did he receive a response to any follow-up.
It is unknown how long the database was exposed before Fowler discovered it. Likewise, it is unknown if any malicious actors gained access.