AI development service Builder.ai exposed over 1TB of data on three million users
Share:
Millions of Builder.ai users potentially affected. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Builder.ai may have unwillingly exposed sensitive information on millions of its users, researchers have claimed.
![[The Python banner logo on a computer screen running a code editor.]](https://vanilla.futurecdn.net/cyclingnews/media/img/missing-image.svg)
Jeremiah Fowler, a security researcher known for hunting down non-password protected databases containing sensitive intel, said he discovered an archive with more than 3 million records. The database belongs to Builder.ai, a British no-code/low-code platform that enables businesses to quickly and affordably create custom software applications without requiring deep technical expertise.
Fowler said the database contained 3,077,542 records, totaling 1.29TB in size, including cost proposals, NDA agreements, invoices, tax documents, email correspondence screenshots, internal image files, and much more. “Among the most concerning files were two documents that indicated access and configuration details of two separate cloud storage databases that also included secret access keys,” Fowler said on Website Planet.
“It is hypothetically possible that those access keys could have revealed additional potentially sensitive data if they were to fall into the wrong hands.”. In total, there were 337,434 invoices and 32,810 files labeled Master service agreements. The latter also contained NDA agreements with names, emails, IP addresses, project cost summaries, and other project details.
