Overview
Severity: CRITICAL | Affected: SynthCorp | Category: breach
SynthCorp, a leading provider of AI-powered voice synthesis services, has disclosed a major data breach affecting over two million users. The breach resulted from a misconfigured cloud storage bucket containing raw audio files and biometric voiceprints used to train their custom voice cloning models. Attackers reportedly accessed the data for several weeks before the exposure was discovered. The stolen data includes not only the voice samples but also associated user metadata, including names and email addresses. Security experts warn that this data could be used for sophisticated social engineering attacks, deepfake audio scams, and to bypass voice-based authentication systems. SynthCorp has notified affected users and is working with law enforcement. The incident underscores the critical need for robust security controls around sensitive biometric data used in AI training, as the potential for misuse of highly realistic synthetic voices is significant and poses a threat to personal and financial security.