Overview
Severity: CRITICAL | Affected: VocalizeAI | Category: breach
VocalizeAI, a prominent platform for creating realistic AI voice clones, disclosed a critical security breach affecting millions of users. Attackers exploited an unpatched vulnerability in a third-party data pipeline tool to gain unauthorized access to a production database. The compromised dataset includes user emails, password hashes, and, most critically, approximately 5 million unique user voiceprints. These high-fidelity biometric signatures are the core data used to train the company's voice synthesis models. Security experts are concerned that the exposed voiceprints could be weaponized for sophisticated vishing (voice phishing) campaigns, deepfake audio fraud, and identity theft. VocalizeAI has taken the affected systems offline, initiated a forensic investigation, and is now notifying impacted users, urging them to be vigilant against unusual communication.