Security News

Cybersecurity news aggregator

HIGH Vulnerabilities Wired Security

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Sears Home Services exposed three unsecured databases containing sensitive customer AI chatbot interactions, including chat logs, audio files, and transcripts with personal details, to the public internet. The data, which included names, phone numbers, and home addresses, was accessible without authentication or encryption, posing a significant phishing and fraud risk. The databases were secured after a researcher's disclosure in February 2026, but the duration of exposure and potential unauthorized access remain unknown.

Lily Hay Newman and Matt Burgess | Security | Mar 17, 2026 6:00 AM

Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud.

Sears department stores have largely disappeared across the United States, but the brand and its appliance repair service are still in business, complete with a modern twist: an AI chatbot and phone assistant named Samantha. As the historic retailer steps into the future, though, new research shows that conversations people had with the chatbot were publicly exposed online.

Since Sears is still a trusted name but largely out of the public eye, security researcher Jeremiah Fowler was surprised and alarmed last month when he found three publicly exposed databases containing massive troves of chat logs, audio files, and text transcriptions of audio that contained personal details about Sears Home Services customers. The Home Services division claims to be the US’s “largest appliance repair service provider” and reports that it performs more than seven million repairs each year.

The exposed Sears databases uncovered by Fowler, which have since been secured, contained 3.7 million chat logs, plus 1.4 million audio files and plain text transcripts from 2024 to this year. Fowler found that one CSV file about the incident contained 54,359 complete chat logs. Conversations Fowler saw included the chatbot introducing itself as “Samantha, an AI virtual voice agent for Sears Home Services,” with the logs also including the name of the company’s AI technology “kAIros.” The cache of data contained chats in both English and Spanish and included personal information about Sears customers, such as names, phone numbers, home addresses, appliances owned, and information on delivery appointments and repairs.
“The thing to remember is that it is real data of real people,” says Fowler, a researcher with Black Hills Information Security. While companies may be able to save money deploying AI, he emphasizes that it is crucial they “don't take any shortcuts when it comes to protecting that data, securing that data. At the bare minimum, these files should have been password protected and encrypted.”

After finding the publicly accessible databases at the start of February, Fowler emailed staff at Transformco, the company that owns Sears and Sears Home Services, and the databases were quickly secured, he says. It is unclear how long the databases were exposed online and whether anyone other than Fowler accessed them during that time. Transformco did not respond to multiple requests for comment from WIRED about the information being available to anyone on the web.

Fowler says that when he disclosed the finding to Transformco, he received a reply from someone who claimed that they were connecting him directly with a Samantha AI Chatbot manager. He says that individual never replied to him, though, even after a follow-up message.

Any exposed customer data is problematic, but Fowler was particularly concerned about the Sears data for two reasons. First, such information would be extremely useful in phishing attacks, because it includes details about customers’ contact information and home lives, including their appliances, which could be exploited for warranty scams and other targeting. The second shock came from the fact that a surprising number of the audio calls captured hours of ambient audio after customers apparently thought a call had ended. Some of the recordings were up to four hours long.
It is unclear why customers left the calls running once they were done speaking to the Sears AI agent, but these extended recording sessions may have captured private conversations and sensitive details that Sears customers thought they were discussing privately as they went about their days. “You could hear the TV playing, you could hear people having conversations, and this recorded all of it,” Fowler says.

The files also show people getting frustrated with glitchy chatbots, which sometimes failed to answer questions or also pushed people toward human customer service agents. Just two minutes into one 76-minute audio call observed by Fowler, the person trying to get help from the company asks to speak to a human. The AI voice bot responds: “I am fully equipped to address your needs efficiently and can resolve your issue right away. Whereas connecting with a live agent may involve a short wait.” Just a few minutes later, the bot struggles to complete the task it is asked about. “I am facing some errors while assisting you with your plan. Can I transfer your call to our live agent who will help with your request?”

In one text transcript, which begins near 11 am and ends at 1:30 pm, a person speaking with the Samantha “AI virtual voice” grows increasingly frustrated with the replies. “Where's my technician?” they repeat 28 times in a row. After getting some more responses they were unhappy with, the transcript shows, the person repeats: “You’re a computer. You’re a computer. You’re a computer.”

The situation comes as companies continue to scramble to integrate generative AI into their technology stacks, and the exposures highlight the privacy, trust, and reputational risks of using bots to directly interact with customers. Carissa Véliz, an author and associate professor at the University of Oxford, says that in some circumstances people may feel safer when talking to a machine. “The machine, after all, will not want to rob your house,” she points out.
But she adds that people often have little choice about trusting companies with their sensitive information. “They should also give people more choices: the choice to talk with a human being if they prefer it and the choice to not have their conversation recorded,” Véliz says. “In the long run you want your customers to be safe and feel comfortable, not alienated and exploited.”