Overview
Severity: HIGH | Affected: SynthVerse | Category: breach
AI video generation startup SynthVerse has disclosed a significant data breach stemming from a misconfigured cloud storage bucket. The exposed dataset contained over 10 million user prompts, associated metadata, and links to a subset of the generated video outputs. Security researchers discovered the publicly accessible bucket and alerted the company. While no direct personal identifiable information (PII) such as names or payment details were exposed, the detailed prompts could be used to infer user interests, de-anonymize individuals, or reverse-engineer proprietary fine-tuning techniques used by enterprise clients. The incident highlights the growing security challenge of managing vast amounts of user-generated data for training and inference in AI-native companies. SynthVerse has since secured the bucket and is notifying affected users, stating that they are implementing stricter cloud security protocols and undergoing a full third-party audit of their infrastructure to prevent future occurrences.