Overview
Severity: CRITICAL | Affected: Verbatim AI | Category: breach
Cloud-based transcription service Verbatim AI announced it was the victim of a significant data breach. Attackers gained access to a misconfigured cloud storage bucket containing over 15 million user records, including audio files, full transcripts, and personally identifiable information (PII). The breach, discovered on June 2nd, also exposed internal company data, including source code and pre-release weights for Verbatim's next-generation speech-to-text model. Security analysts believe the exposed credentials for a service account were found in a public code repository. The incident is a critical blow to the company and a stark reminder of the security risks associated with centralizing vast amounts of sensitive user data for training AI systems. The company is now working with law enforcement and has notified affected users.