Cybersecurity researcher Jeremiah Fowler uncovered a major data exposure involving an AI virtual assistant used by Sears Home Services for scheduling, customer support, phone calls, and online chats.
According to Fowler’s report, three publicly accessible databases were left without password protection or encryption, exposing roughly 3.7 million records. The leaked data reportedly included chat transcripts, audio recordings, and text transcriptions of customer phone calls collected between 2024 and 2026.
Fowler said the exposed files contained repeated references to Sears Home Services and included conversations in both English and Spanish. The records also mentioned “Samantha” and “KAIros,” which appear to be tied to Sears’ AI-driven customer service systems. In the samples he reviewed, Fowler found personally identifiable information such as customer names, physical addresses, email addresses, phone numbers, and details related to products, repairs, services, accounts, and delivery appointments. One CSV file alone reportedly contained more than 54,000 complete chat logs.
After identifying the exposed databases, Fowler said he sent a responsible disclosure notice to Transformco, the parent company of Sears Home Services. Public access to the data was reportedly restricted the following day. He later received a response saying the notice had been forwarded to the person managing the Samantha AI chatbot, although he said no further reply was received.
It remains unclear whether the exposed databases were managed directly by Sears Home Services or by a third-party contractor. Fowler also noted that it is unknown how long the records were publicly accessible or whether anyone else may have accessed them before they were secured. He said only an internal forensic audit could determine whether there had been any unauthorized activity.
The scale of the exposure was significant. Fowler reported that the databases included more than 2.1 million text files containing scheduling transcripts, more than 207,000 spreadsheet files, audio logs totaling over 415GB, and about 1.4 million audio recordings with related transcripts totaling nearly 3.9TB. He also said some recordings appeared to continue for up to four hours when customers did not hang up, potentially capturing unrelated private conversations.









