Millions of call recordings exposed
A data incident at Sears Home Services exposed millions of recorded customer calls, raising fresh privacy and security questions for service‑centered retail operations. The leak highlights risks as retailers increasingly record and transcribe voice interactions for AI and quality monitoring. (cybernews.com)
Independent researcher Jeremiah Fowler said he discovered three publicly accessible, unencrypted databases tied to Sears Home Services and published his findings through an ExpressVPN report. (expressvpn.com) The datasets contained roughly 3.7 million chat logs and about 1,442,577 audio recordings and text transcripts spanning interactions dated 2024–2026, amounting to terabytes of stored voice and transcript data. (expressvpn.com) ExpressVPN’s review enumerated file-level details: about 2,116,011 scheduling TXT transcripts, 207,381 XLSX scheduling logs, and a CSV sample showing 54,359 complete chat logs. (expressvpn.com)
The exposed records repeatedly referenced the AI voice agent named “Samantha” and the underlying platform “kAIros,” and included personally identifiable information such as customer names, home addresses, phone numbers, appliance details and appointment information in both English and Spanish. (expressvpn.com)
Fowler said he sent a responsible‑disclosure notice to Transformco, Sears’ parent company, and reported that the databases were restricted from public access the following day, while ownership of the misconfigured stores (Sears vs. a third‑party vendor) remained unconfirmed. (expressvpn.com) Wired and Mashable reported that some audio files captured hours of ambient post‑call recordings and warned the exposed contact details and contextual service notes make targeted phishing and fraud easier for malicious actors; Transformco did not respond to WIRED’s requests for comment. (wired.com) ExpressVPN’s writeup noted the misconfiguration pattern—publicly accessible cloud databases and unencrypted files—and said only an internal forensic audit could determine whether the data was accessed maliciously before it was secured. (expressvpn.com)