A massive data breach has exposed over 10 million conversations from an AI-powered call center platform in the Middle East.
According to cybersecurity firm Resecurity, the breach involved unauthorized access to the platform’s management dashboard, allowing attackers to collect over 10.2 million interactions between consumers, operators and AI agents.
The firm warned the stolen data could be leveraged for advanced fraud, phishing schemes and other malicious activities using artificial intelligence.
The unnamed AI call center platform, reportedly used widely in industries like fintech and e-commerce, processes vast volumes of customer interactions. Many organizations rely on such platforms to improve efficiency and automate responses.
However, the breach revealed significant risks, particularly the exposure of personally identifiable information (PII) such as national ID documents. Resecurity’s investigation suggests attackers could exploit this data to orchestrate fraudulent activities by mimicking legitimate customer service exchanges.
Key risks associated with the breach include:
-
Data exfiltration: Attackers could mine PII for use in phishing and social engineering schemes
-
Trust exploitation: Bad actors could hijack conversations, convincing victims to reveal sensitive data like payment details
-
Session hijacking: Attackers might intercept AI-assisted communications between users and human operators, leading to further compromise
The breach underscores the growing vulnerability of AI-powered platforms, which are increasingly used across industries to improve customer service. While these systems offer personalized, efficient communication, they also pose a significant threat to data privacy if compromised.
Resecurity noted that the breach had been mitigated after alerting the affected parties and law enforcement. Still, the incident highlights broader concerns around the security of third-party AI systems and their role in handling sensitive customer data.
Read more on AI security risks: Tech Professionals Highlight Critical AI Security Skills Gap
“Conversational AI platforms have become a critical element of the modern IT supply chain for major enterprises and government agencies,” Resecurity said.
“Their protection will require a balance between traditional cybersecurity measures relevant to SaaS (Software-as-a-Service) and those specialized and tailored to the specifics of AI.”