London-based tech firm Builder.ai, a leader in human-assisted AI for app development, has recently come under scrutiny after a significant data breach exposed over 3 million records totaling 1.29 TB.
The exposed database, left unprotected and unencrypted, contained sensitive documents such as customer proposals, NDAs, invoices, tax records, and even cloud storage access keys, raising alarms about potential security vulnerabilities.
What Was Exposed?
The database contained:
- 337,434 invoices (18 GB), detailing transaction records.
- 32,810 master service agreements (4 GB), including NDAs with personal details such as names, emails, IP addresses, and project cost summaries.
- Sensitive internal files, including cloud storage configuration details with secret access keys, posing a hypothetical risk if accessed maliciously.
The database was labeled with references to both Engineer.ai and Builder.ai, which suggests a connection to the company’s rebranding in 2019. Builder.ai, a prominent provider of AI-assisted app-building solutions, operates across the US, Europe, Asia, and the Middle East.
An ethical security researcher discovered the breach and responsibly disclosed the issue to Builder.ai on October 28. However, the database remained publicly accessible until November 27. Builder.ai cited “complexities with dependent systems” as the reason for the delay. It is unclear how long the database was exposed before discovery or whether any unauthorized access occurred.
Builder.ai has yet to provide a public statement regarding the breach but will likely face increased scrutiny from customers and cybersecurity advocates in the coming months.
Bijay Pokharel