Overview
Severity: CRITICAL | Affected: SynthVerse AI | Category: breach
Generative video startup SynthVerse AI has confirmed a critical security breach after an unauthorized actor gained access to its core cloud infrastructure. The breach, which occurred in late February, resulted from a misconfigured S3 bucket that was publicly exposed. The attackers exfiltrated the proprietary model weights for 'Chroma-1', the company's flagship text-to-video AI, along with a database containing the records of over 2 million users. The exposed user data includes names, email addresses, and a complete history of their generation prompts and resulting videos. This incident represents a devastating blow to SynthVerse, compromising both its core intellectual property and its user trust. The stolen model weights have since appeared on a darknet forum, raising fears of proliferation and misuse.