
Collaborating Authors

 upguard


Sex-Fantasy Chatbots Are Leaking a Constant Stream of Explicit Messages

WIRED

Several AI chatbots designed for fantasy and sexual role-playing conversations are leaking user prompts to the web in almost real time, new research seen by WIRED shows. Some of the leaked data shows people creating conversations detailing child sexual abuse, according to the research. Conversations with generative AI chatbots are near instantaneous--you type a prompt and the AI responds. If the systems are configured improperly, however, this can lead to chats being exposed. In March, researchers at the security firm UpGuard discovered around 400 exposed AI systems while scanning the web looking for misconfigurations.


Robots don't smoke, says Alibaba, and that's why they deliver parcels so fast

#artificialintelligence

Forty-seven government entities and privacy companies, including Microsoft, exposed 38 million sensitive data records online by misconfiguring the Windows giant's Power Apps, a low-code service that promises an easy way to build professional applications. Security biz UpGuard said that in May one of its analysts found that the OData API for a Power Apps portal offered anonymously accessible database records that included personal details. That led the security shop to look at other Power Apps portals and its researchers found over one thousand apps configured to make data available to anyone who asked. Among the entities identified by UpGuard are: state and municipal government bodies in Indiana, Maryland, and New York City, and private enterprises like American Airlines, Ford, JB Hunt, and Microsoft. There's no indication so far that information has been misused.


Chris Vickery: AI Will Drive Tomorrow's Data Breaches

#artificialintelligence

From malicious hacks to accidental misconfigurations, Chris Vickery has seen it all. But as cybercriminals continue to innovate, Vickery, the director of risk research with UpGuard, said one emerging security threat will "blindside" the world: "fakeable" voices. More bad actors using artificial intelligence (AI) will create copycat voices of a trusted family member or executive, he said – and they then call individuals – and even enterprises – and scam them out of money or valuable data. Vickery also talks to Threatpost about fringe data breach discoveries he's encountered over the last few years, as well as how the process of data breach disclosure is shifting and the best first steps companies can take once a data breach has been discovered.


Another scandal: Facebook user data reportedly at risk again

USATODAY - Tech Top Stories

In what seems like a broken record, Facebook is facing another scandal related to the transparency of its user data. The UpGuard cybersecurity firm reports that it uncovered two cases in which massive buckets of third-party Facebook app data were left exposed on the public internet. In one such case, a Mexico-based media company named Cultura Colectiva amassed 146 gigabytes of data with more than 540 million records. The records are said to include user comments, likes, reactions, account names, Facebook IDs and more. Another exposure, UpGuard says, came from a since-discontinued Facebook-integrated app called At The Pool and was apparently posted on a public Amazon cloud server.


Another 540 Million Facebook Users' Data Has Been Exposed

Slate

Facebook is still a privacy nightmare. The company's history of porous data sharing continues to haunt both it and us (its fairly helpless users) on the regular. On Wednesday, researchers from the cybersecurity firm UpGuard shared that they found two massive troves of exposed Facebook user data that had been posted publicly on Amazon cloud servers. The data included users' passwords, names, comments, and likes. The scope of this particular privacy foul from Facebook is tremendous: More than 540 million user records were sitting in plain sight, available to anyone who found them.