In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break format to examine two high-impact security and privacy stories that every enterprise IT and security leader should be paying attention to.
First, we dive into a new lawsuit alleging that Meta can access or infer WhatsApp message contents, despite years of public claims that WhatsApp is fully end-to-end encrypted. We unpack what “access” really means in modern encrypted messaging systems, including metadata, client-side processing, backups, and enterprise risk implications—especially for organizations using WhatsApp for daily business communications.
Next, we examine a major data exposure involving Chat & Ask AI, a popular AI chatbot aggregator with tens of millions of users. Due to a backend Firebase misconfiguration, hundreds of millions of private conversations—including highly sensitive topics—were left publicly accessible. This incident highlights the growing risk of Shadow AI inside enterprises and the dangers of third-party AI wrappers that lack enterprise-grade security controls.
https://www.404media.co/massive-ai-chat-app-leaked-millions-of-users-private-conversations/
The episode closes with listener feedback on a previously covered UniFi Access vulnerability and a broader discussion on how organizations should educate, monitor, and protect users without resorting to blunt enforcement.