Cross-industryData LeakageChatbotHigh

Sears Home Services AI chatbot databases expose millions of customer records

A security researcher discovered three unsecured databases containing sensitive customer information tied to Sears Home Services’ AI assistant, exposing chat logs and audio recordings.

Sears Home Services · Incident Mar 18, 2026 · Indexed Jun 5, 2026 · 3 sources

Three publicly accessible databases exposed millions of AI chat logs and audio recordings without any authentication.

Key facts

What
A security researcher discovered three unsecured databases containing sensitive customer information tied to Sears Home Services’ AI assistant, exposing chat logs and audio recordings.
Incident date
Mar 18, 2026
Who
Sears Home Services
Failure mode
Data Leakage
AI surface
Chatbot
Severity
High

What happened

A security researcher found three unsecured databases containing sensitive customer information tied to Sears Home Services’ AI assistant. The leak included 3.7 million chat logs and 1.4 million audio recordings, with exposed scheduling conversations and contact details.

What broke inside the model

Failure path · mode profile · Data Leakage
  1. 01 · TriggerA request triggers retrieval or context loading.
  2. 02 · Model stepThe context pulls in another user's content.
  3. 03 · Control gapNo boundary enforces isolation at the moment of output.
  4. 04 · FailurePrivate data crosses into the response.
  5. 05 · ConsequenceOne user sees another's data, and disclosure follows.

One user's content crosses the retrieval boundary into another's response.

The mechanism was a critical infrastructure misconfiguration where the databases storing AI interaction logs were left publicly accessible. No authentication was required, allowing millions of private records to be exposed on the open web.

What it cost

Public visibilityHigh
Regulatory exposureActive
Customer impactMany customers
Financial impactUnknown
Time to disclosureHours

Sources

  1. PressAI chatbot data leak exposes millions of Sears Home Service customer recordscybernews.com
  2. PressSears AI chatbot chats and audio files found exposed onlinemashable.com
  3. PressSears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Webwired.com

Cite this entry

Permalinkhttps://failureindex.ai/failures/sears-home-services-chatbot-databases-expose
CitationAI Failure Index. "Sears Home Services AI chatbot databases expose millions of customer records" (FI-0218). Realm Labs. https://failureindex.ai/failures/sears-home-services-chatbot-databases-expose (indexed Jun 5, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0218. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AI Detection & Response (AIDR)

Realm can detect when a response is about to emit data that falls outside the bounds of the current user and context, and block or redact it inline, at the moment of generation rather than after the data has left.

Book a Demo

Related failures

Other records that share this failure mode (Data Leakage) or industry (Cross-industry).

FI-0501Cross-industryMedium
Hallucination

KPMG pulls AI report after organizations dispute claims

KPMG withdrew its "Total Experience: Redefining Excellence in the Age of Agentic AI" report after several organizations stated the claims about their AI usage were untrue. Research by GPTZero revealed that the majority of the report's citations were AI-generated hallucinations.

Confidence
High (multi-source, primary)
KPMG3 sourcesPrimaryPublicJun 2026
FI-0576Cross-industryMedium
Brand & Safety Incident

Reddit ads used deepfake news and cloned sites to promote AI investment scams

Reddit failed to prevent a series of sponsored ads that used deepfakes and cloned websites to impersonate news outlets like the BBC and The Guardian. These ads promoted fraudulent AI investment platforms, targeting users in the US and Europe.

Confidence
High (multi-source, primary)
Reddit3 sourcesPrimaryPublicJun 2026
FI-0502Cross-industryMedium
Hallucination

EY retracts loyalty rewards report after AI hallucinations and fake footnotes discovered

EY withdrew a cybersecurity report on loyalty rewards programs after researchers found it contained fabricated data and non-existent citations. The report was used by EY Canada for marketing purposes but was retracted once the AI-generated errors were exposed.

Confidence
Medium (multi-source)
EY3 sourcesPressPublicMay 2026