Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web WIRED

pSears department stores have largely disappeared across the United States but the brand and its appliance repair service are still in business complete with a modern twist an AI chatbot and phone assistant named Samantha As the historic retailer steps into the future though new research shows that conversations people had with the chatbot were publicly exposed onlineppSince Sears is still a trusted name but largely out of the public eye security researcher Jeremiah Fowler was surprised and alarmed last month when he found three publicly exposed databases containing massive troves of chat logs audio files and text transcriptions of audio that contained personal details about Sears Home Services customers The Home Services division claims to be the USs largest appliance repair service provider and reports that it performs more than seven million repairs each yearppThe exposed Sears databases uncovered by Fowler which have since been secured contained 37 million chat logs plus 14 million audio files and plain text transcripts from 2024 to this year Fowler found that one CSV file about the incident contained 54359 complete chat logs Conversations Fowler saw included the chatbot introducing itself as Samantha an AI virtual voice agent for Sears Home Services with the logs also including the name of the companys AI technology kAIros The cache of data contained chats in both English and Spanish and included personal information about Sears customers such as names phone numbers home addresses appliances owned and information on delivery appointments and repairsppThe thing to remember is that it is real data of real people says Fowler a researcher with Black Hills Information Security While companies may be able to save money deploying AI he emphasizes that it is crucial they dont take any shortcuts when it comes to protecting that data securing that data At the bare minimum these files should have been password protected and encryptedppAfter finding the publicly accessible databases at the start of February Fowler emailed staff at Transformco the company that owns Sears and Sears Home Services and the databases were quickly secured he says It is unclear how long the databases were exposed online and whether anyone other than Fowler accessed them during that time Transformco did not respond to multiple requests for comment from WIRED about the information being available to anyone on the webppFowler says that when he disclosed the finding to Transformco he received a reply from someone who claimed that they were connecting him directly with a Samantha AI Chatbot manager He says that individual never replied to him though even after a follow up messageppAny exposed customer data is problematic but Fowler was particularly concerned about the Sears data for two reasons First such information would be extremely useful in phishing attacks because it includes details about customers contact information and home lives including their appliances which could be exploited for warranty scams and other targetingppThe second shock came from the fact that a surprising number of the audio calls captured hours of ambient audio after customers apparently thought a call had ended Some of the recordings were up to four hours long It is unclear why customers left the calls running once they were done speaking to the Sears AI agent but these extended recording sessions may have captured private conversations and sensitive details that Sears customers thought they were discussing privately as they went about their days You could hear the TV playing you could hear people having conversations and this recorded all of it Fowler saysppThe files also show people getting frustrated with glitchy chatbots which sometimes failed to answer questions or also pushed people toward human customer service agentsppJust two minutes into one 76minute audio call observed by Fowler the person trying to get help from the company asks to speak to a human The AI voice bot responds I am fully equipped to address your needs efficiently and can resolve your issue right away Whereas connecting with a live agent may involve a short wait Just a few minutes later the bot struggles to complete the task it is asked about I am facing some errors while assisting you with your plan Can I transfer your call to our live agent who will help with your requestppIn one text transcript which begins near 11 am and ends at 130 pm a person speaking with the Samantha AI virtual voice grows increasingly frustrated with the replies Wheres my technician they repeat 28 times in a row After getting some more responses they were unhappy with the transcript shows the person repeats Youre a computer Youre a computer Youre a computerppThe situation comes as companies continue to scramble to integrate generative AI into their technology stacks and the exposures highlight the privacy trust and reputational risks of using bots to directly interact with customers Carissa Véliz an author and associate professor at the University of Oxford says that in some circumstances people may feel safer when talking to a machine The machine after all will not want to rob your house she points out But she adds that people often have little choice about trusting companies with their sensitive informationppThey should also give people more choices the choice to talk with a human being if they prefer it and the choice to not have their conversation recorded Véliz says In the long run you want your customers to be safe and feel comfortable not alienated and exploitedppIn your inbox Will Knights AI Lab explores advances in AIppMetas facial recognition glasses could arm sexual predatorsppBig Story The snake bros getting bitten by their lethal petsppThe deepfake nudes crisis in schools is worse than you thoughtppListen Silicon Valley is spending millions to stop one of its ownppMore From WIREDppReviews and Guidespp 2026 Condé Nast All rights reserved WIRED may earn a portion of sales from products that are purchased through our site as part of our Affiliate Partnerships with retailers The material on this site may not be reproduced distributed transmitted cached or otherwise used except with the prior written permission of Condé Nast Ad Choicesp