Overview
Severity: CRITICAL | Affected: VocaliQ | Category: breach
VocaliQ, a prominent AI voice synthesis startup, disclosed a significant data breach that exposed a database containing over 5 million unique user voiceprints. The threat actor gained access through a misconfigured cloud storage bucket that was publicly accessible. The exposed data includes raw voice recordings used for training custom AI voices, along with associated user metadata like email addresses and names. Security experts warn that this data could be used to create deepfake audio for phishing attacks, social engineering, and bypassing voice-based authentication systems. VocaliQ has since secured the bucket and is working with law enforcement. The incident underscores the critical importance of securing sensitive biometric data used in AI training and the severe consequences when such data is compromised.