2024-12
Data Leakage
WotNot

Chatbot vendor WotNot exposed 346K customer files including passports and medical records

What happened

Indian AI chatbot startup WotNot misconfigured a Google Cloud Storage bucket so it was readable by anyone on the internet. Cybernews researchers discovered the open bucket during routine OSINT work, and the company took two months to secure it after being notified.

Impact

About 346,000 files were exposed, including passports, national IDs, detailed medical records, and resumes belonging to businesses' end customers.

How this could have been prevented

Cloud storage policy changes must be followed by an explicit public-access verification step, and vendor disclosure reports should trigger immediate remediation.

Sources

More data leakage incidents

Would runtime governance have caught this?

Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.

Request a demo