Overview
Severity: CRITICAL | Affected: VocaliQ | Category: breach
VocaliQ, a leading provider of AI-powered voice authentication and synthesis services, confirmed a massive data breach affecting its core customer database. Attackers exploited an insecure API endpoint connected to a misconfigured cloud storage bucket, gaining access to a dataset containing over 15 million unique voiceprints. These biometric identifiers, used by financial institutions and call centers for customer verification, were stored alongside internal user IDs and partially masked phone numbers. Security experts are calling this a critical incident, as the exposed voiceprints could be used to train deepfake models for sophisticated vishing (voice phishing) attacks, bypass voice-based security systems, and create unauthorized audio content of individuals. VocaliQ has engaged a cybersecurity firm to investigate the incident and is working with law enforcement. The company is facing intense scrutiny over its data security practices, particularly the storage and encryption standards used for sensitive biometric data. The breach highlights the growing risk of biometric data theft as AI applications become more widespread.