Overview
Severity: CRITICAL | Affected: SynthVerse AI | Category: breach
SynthVerse AI, a prominent provider of generative image and video APIs, disclosed a significant data breach affecting its core cloud infrastructure. The attackers exploited a misconfigured Kubernetes cluster, gaining access to a production database containing 1.5 million user records. The exposed data includes user email addresses, hashed passwords, full prompt histories, and, most critically, thousands of active API keys. The company has invalidated all exposed API keys and is forcing a password reset for all users. Security analysts are concerned that the leaked prompt data could be used to reverse-engineer proprietary techniques or create targeted phishing campaigns. The incident underscores the growing threat surface for AI companies, where both user data and the intellectual property contained within prompts are valuable targets.