Interaction with chatbots (ChatGPT, Gemini, Copilot, Claude, Perplexity, among others) has come to be treated as an intimate and secure space. Emotional, psychological, work-related, and medical concerns are entrusted to them. ESET, a leading company in proactive threat detection, analyzes what type of information is typically shared with AI chatbots, how it could be exposed, and what the real impact of a leak could be. Furthermore, they share digital best practices for continuing to use these tools without putting oneself at risk.

“It’s not new that many people use chatbots as if they were private spaces. Using them in this way contradicts the nature of these tools, since the platforms themselves emphasize that conversations can be stored, analyzed, or reviewed to improve the service. Chatbots were not designed as a confidential space, even though the conversational experience might lead one to think otherwise. While the main AI platforms claim to implement security and privacy measures (access controls, monitoring, infrastructure protection), this does not eliminate the risk of data breaches, nor is it synonymous with invulnerability,” highlights Martina Lopez, Cybersecurity Researcher at ESET Latin America.

When using them as personal assistants or even advisors, personal and sensitive information is often shared almost without realizing it. This includes:

• Personal data. Sensitive information such as name, age, city, and country, but also daily habits: where you work, who you live with, and your family composition. This information, combined and in the wrong hands, can be dangerous.
• Work-related information. Driven by the need to “Help me improve this,” many users share internal emails, contracts, reports, presentations, business strategies, campaigns, customer and supplier details, conversations, and support tickets. They also share source code and internal architectures.
• Medical, psychological, or emotional consultations. Chatbots are also perceived by many people as advisors or specialists (a practice that can be dangerous). Health-related issues are shared, such as symptoms, diagnoses, and medications, as well as personal matters like relationship conflicts, grief, questions they wouldn’t ask on other social media platforms, or requests for advice.
• Opinions, beliefs, and sensitive stances. Chatbots receive opinions from users with political or religious ideologies, views on companies, bosses, or colleagues, and also information that, taken out of context, can cause reputational damage.

“The problem isn’t what’s shared, but rather that false sense of intimacy and privacy, which can be shattered very easily. Months of conversations build a profile that can be extremely valuable to a cyberattacker,” adds Lopez from ESET.

The information shared with AI chatbots can be exposed and fall into the hands of cybercriminals for various reasons. The main one is if someone gains access to the account. This can happen by accessing the password, falling victim to a phishing attack, or using the same password for multiple services. Another reason is manipulated chatbots, which can be tricked with malicious prompts by cybercriminals to obtain user information. Furthermore, accepting terms and conditions without reading them is another risk, since chatbots collect and store usage information, such as history and conversations, to train their language model by default. It’s also important to consider potential security breaches, platform errors that expose user conversations and history, or if an extension or app is monitoring too much. For example, if a plugin is installed to enhance the chatbot’s capabilities and that app malfunctions, is vulnerable, or is malicious, the conversation could slip out of the main provider’s control.

The 5 key risks associated with a chatbot leak, according to ESET

1. Identity theft / Social engineering: Chatbot conversations provide human context. Cyberattackers can thus obtain information about habits, interests, routines, services used, problems that transcend these, and even the tone of voice used. This allows for much more personalized attacks, through emails or messages that appear to be written by someone familiar, scams that include real-life details, or identity theft that is much harder to detect.
2. Corporate espionage: Since many users rely on chatbots for work support, attackers can obtain confidential information such as strategies, documents, internal decisions, customer information, and pricing and/or product details. Beyond the legal risks this situation may entail, it can also represent a competitive advantage for third parties or the breach of certain contractual obligations.
3. Reputational damage: If private opinions, professional doubts, or intimate thoughts are exposed, the consequences can range from workplace conflicts to a loss of professional credibility.
4. Exposure of sensitive data: These types of chatbots are also used as a space for intimate consultations and often contain personal information such as symptoms, diagnoses, treatments, religious or political beliefs, and personal or family conflicts. If this information were leaked, the impact on the victim could be devastating: stigmatization, discrimination, and even emotional distress.
5. Extortion: When a cyberattacker has access to private information, they can exert pressure through credible threats and personalized blackmail. The goal? To obtain some kind of financial gain from the victim.

A good way to reduce the impact of exposed conversations is to adopt best practices when interacting with these chatbots. A highly useful preventative checklist

• Do not share personal data (ID number, date of birth, email, phone number) is ESET’s top recommendation.
• Anonymize real-life situations (change names, companies, locations).
• Do not attach sensitive documents, confidential information, or credentials.
• Review privacy settings (what is saved, what is used for training).
• Protect your account with a strong password and two-factor authentication.
• Use different accounts for work and personal use.
• Ask yourself: Would I say this out loud in a room with strangers?

“The comfort of a fluid, natural, and unjudged conversation makes us lower our guard and share information we would never publish in any other digital space. A leak of conversations exposes not only information but also routines, vulnerabilities, decisions, and emotions. However, this scenario should be taken as an invitation to understand what these platforms are and what they are not. They are not confidential spaces, personal advisors, or vaults of sensitive information. They are powerful tools, but like all technology, they require discretion, boundaries, and responsible digital habits,” concludes the ESET researcher.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela:  https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and image provided by ESET and Comstat Rowland

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada What happen if our conversations with AI chatbots are exposed or revealed? apareció primero en Bitfinance.

Credential theft is a threat that has been plaguing the world for over a decade. In Latin America, it is growing steadily in tandem with digitalization and the rise in online fraud. Last year alone, more than 2.6 million credentials were compromised in the region, according to a 2025 SOCRadar report.

This material is of educational interest to both advanced and frequent users, as well as basic and occasional users, and we should pay attention to it. It may be useful to archive and preserve it. Keep in mind that all countries and internet users have some degree of vulnerability and are therefore at risk. No one is immune to this risk; we must act preventively to reduce or mitigate it.

ESET, a leading company in proactive threat detection, warns that access to an email account allows attackers to access banking services, corporate platforms, financial information, and even medical records.

The ways cybercriminals obtain user passwords vary in difficulty and technical expertise. ESET categorizes them into three methodologies: those that exploit social engineering techniques, those that use malware, and those that result from an attack on the organization that should be protecting them.

What methodologies do hackers use?

1.Social Engineering Techniques:

This method falsely uses the names of public entities or well-known companies to lower suspicion and increase the effectiveness of attacks. The most common method is sending emails or messaging applications in which the attacker impersonates a legitimate entity to deceive the victim and persuade them to voluntarily hand over their login credentials.

These messages share a common characteristic: they appeal to urgency and simulate a notification of a problem requiring immediate action: account issues, a rejected payment, problems with a reservation, among countless other excuses. They often contain a malicious link to sites that mimic legitimate ones to steal victims’ sensitive data, such as passwords and usernames.

Another form phishing takes is through fake websites that rank highly in search engine results like Google with sponsored ads, because the attacker pays for visibility to impersonate real pages. In these scenarios, even cautious people can be tricked into clicking on a seemingly legitimate result that replicates the visual identity of banks, email platforms, cloud services, or reputable companies.

2.Distribution of specific malware:

Another common way to steal passwords is through the use of malware, which activates once the user’s device has been compromised. In these cases, ESET explains, there is no specific deception or alert message; instead, the theft occurs in the background, often without the victim noticing.

Infostealers, keyloggers, and spyware all share the common characteristic of continuously collecting sensitive information, including passwords stored in browsers, autofill data, application credentials, and active sessions. The impact of these types of malware is not limited to a single account, as the malicious program continues to collect credentials as long as the user uses the infected device, ESET points out.

Within this same ecosystem, banking Trojans emerge, specifically targeting login credentials for bank accounts and financial platforms. Through fake windows, they capture data the moment the user enters it. This type of threat, not new to the region, exceeded 650,000 unique detections in 2025, 110,000 of which belonged to a single family: Guildma.

3.Attacks on organizations:

Another significant source of credential theft is incidents where an organization’s databases are exposed due to a weakness or failure in its systems. In the most critical scenarios, leaks include complete credentials, either in plain text or with weak security mechanisms, allowing attackers to reuse them immediately. However, even when passwords are not directly exposed, leaked emails or usernames remain valuable to malicious actors. This information is then used as the basis for credential stuffing or brute-force attacks, exploiting the reuse of passwords across different services.

Once a database is compromised, the information can circulate for years in underground forums and be reused in different contexts and against multiple platforms. In this way, a single breach in one organization ends up amplifying the risk for other companies and for users themselves, even long after the original incident has been fixed.

“There are also brute-force threats. These consist of automatically trying multiple username and password combinations until successful access is achieved, without needing to deceive the user or compromise their device beforehand. They typically rely on lists of common passwords or credentials leaked in previous incidents, taking advantage of password reuse and the lack of additional authentication controls. When exposed services lack mechanisms to limit login attempts or adequate monitoring, this type of attack remains effective, especially against remote access, web applications, and corporate services published on the internet,” comments Martina López, Cybersecurity Researcher at ESET Latin America.

It is advisable to combine and add best practices with preventative measures

Credential theft by cybercriminals can occur through various vectors. The ESET research team maintains that prevention does not depend on taking a single measure, but rather on a combination of practices:

• Use unique and strong passwords for each service, since credential stuffing is common among cyberattackers using credentials that are sold commercially.
• Enable multifactor authentication whenever possible, as this mechanism complements and strengthens the passwords you use.
• Be wary of unexpected messages and avoid downloading files or clicking on suspicious links, as malware and phishing remain the most common ways credentials are stolen.
• Store passwords in password managers and avoid saving them in plain text or on shared devices.
• Keep systems and applications updated to patch any vulnerabilities.
• Review unusual access and activity on your accounts, either by keeping login alerts enabled or by checking the privacy or access settings of your applications.

In the event that a password has already been stolen, ESET emphasizes that reaction time makes the difference between an isolated incident and a major problem. Therefore, they recommend:

• Change the affected passwords and any others where the same credentials were used.
• Close active sessions on the affected account and revoke recent access in services and applications where possible.
• Check for unauthorized changes to accounts and monitor for future changes to messages, settings, payments, and other data.
• Use a security tool on potentially affected devices to remove any malicious code.

“While password theft is not a new problem, it continues to grow and adapt to new technologies, along with our increasingly complex digital lives. In this context, digital literacy and best practices become essential to protect our identity, information, and devices at both the individual and corporate levels. Staying informed is vital to staying ahead of the latest cybersecurity trends,” concludes López from ESET.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela at:  https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and images provided by ESET and Comstat Rowland

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada Recommendations to reduce credential theft: This digital risk is very common in Latin America apareció primero en Bitfinance.

Cybercriminals have found that using artificial intelligence allows them to enhance their scams, making their deceptions more realistic and harder to detect. Recently, fake videos have surfaced impersonating internationally renowned figures, such as Lionel Messi or the CEO of a major organization.  However, these scams also occur on a smaller scale, such as targeting a school principal in the United States. ESET, a leading proactive threat detection company, reviews some of the cases where deepfakes were the main tool used in scams that resulted in millions of dollars in losses or the compromise of sensitive information.

Deepfake is an artificial intelligence-based technique for synthesizing human images to create fake content from scratch, using existing videos or even just a still image. They are designed to replicate the appearance and voice of a real person.

“With the evolution of Artificial Intelligence, these videos and audio recordings seem increasingly real. Many exploit the image of public figures or well-known entities to say something false, as part of a scam that aims to obtain money or sensitive information,” says Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

ESET compiled amazing, truly real, and recent cases

Lionel Messi: The Argentine football player is one of the most recognized personalities worldwide. In this case, cybercriminals exploited his popularity to carry out a deepfake scam, promoting an app that promised suspiciously high and irresistible earnings. The app in question was called “Wildcat Dive,” and in the fake video, Messi claimed it was one of his main sources of income and that it had helped many people earn money. Through advertisements on the social network Instagram, the cybercriminals distributed snippets of a fabricated interview, which was based on a real interview the footballer had given to a well-known Argentine streaming program.

Arup: In early 2024, the architectural firm that designed the Sydney Opera House and the Etihad Stadium, Arup, made headlines when a financial employee at the company’s Hong Kong office received a video call from (allegedly) the company’s CFO. The result of the meeting was 15 transfers totaling over $25 million. The bad news is that it was actually a deepfake, so the transfers had not been approved by anyone in the company.

Ferrari: In this case, cybercriminals attempted a deepfake voice scam, impersonating Benedetto Vigna, the CEO of the automotive company. In July 2024, using voice imitation, they tried to convince the company’s finance executives to make a large money transfer. One of the employees became suspicious and asked a question that the AI ​​used in the scam could not answer correctly. Not only did this attack fail, but it prompted Ferrari to reinforce its employee training to prevent similar scams in the future.

WPP: One of the world’s largest advertising companies was also the target of a scam attempt involving a deepfake. In mid-2024, cybercriminals used a fake WhatsApp account, a voice recording, and YouTube footage of a virtual meeting to impersonate the company’s CFO, Mark Read. The malicious actors organized a meeting via Microsoft Teams, under the pretext of creating a new company, and used this as a lure to obtain money and sensitive personal data from the company. According to WPP, this attack was unsuccessful thanks to the company’s vigilance and the training its employees received to detect these scams.

School in Baltimore: Not only high-profile companies are targeted by deepfakes. In this case, a school principal was heard making racist and antisemitic comments. The incident went viral (over 2 million views) and resulted in death threats against the educator. After an investigation, local police confirmed that the audio was a fake, manipulated with AI.

Elon Musk: A cryptocurrency investment scam used Elon Musk’s image to spread ads on X and YouTube, promoting supposed investment opportunities that promised high returns on Bitcoin. The ads included a link to a fraudulent website where unsuspecting users were asked to make initial deposits to participate in the alleged investment. According to the US Federal Trade Commission, the scam, which included deepfakes, resulted in losses of over $80 million for more than 7,000 victims who believed in the supposed investment.

President Zelensky: Politics was also affected by deepfake scams. In March 2022, during the conflict between Russia and Ukraine, a fake video circulated showing Ukrainian President Volodymyr Zelensky urging his troops to surrender. The president responded almost immediately with a genuine video posted on his official channels.

While deepfake scams are becoming increasingly realistic and difficult to detect, ESET shares some best practices to reduce the risk of falling victim to these types of scams

• Be wary of eye-catching advertisements that offer an opportunity for easy and unrealistic gains. Also be suspicious of those that feature well-known celebrities.
• Pay attention to the video quality: if there are visual glitches, poor synchronization, or low resolution, it is likely a deepfake.
• Use security software on all devices to help block fake websites and emails containing malicious content.
• For businesses, it is important to not authorize payments solely based on a phone call or video call. Consider using keywords or internal codes as an additional verification method.
• Continuous training is essential: being trained to recognize the warning signs of deepfakes and scams is another key practice.
• Take advantage of the tools currently available to detect deepfakes and combat misinformation.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For additional useful preventative information, visit ESET’s website in Venezuela: https://www.eset.com/ve/, and follow them on social media @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and images courtesy of ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada ESET reports and summarizes 7 shocking real-life cases of scams using deepfakes apareció primero en Bitfinance.

Recently the Venezuelan British Chamber of Commerce (BritCham) entertained a dinner at the Caracas Country Club for the presidents of the different Chamber working committees, in appreciation for their hard work and support of the different meetings held throughout the year.

The dinner was presided by Jesús Castillo – Executive President and Ian Stein – General Manager of the Chamber, accompanied by Rafael Núñez (MasQueDigital Director), President of the Technology, Information and Communications Committee – TIC; Ana Azevedo  (PWC Partner)- Vice President of the Finance and Tax Committee; José Adelino Pinto (Mercer Leader for Venezuela), President of the Human Resources Committee, Juan José Morales – (IBM Executive) – Young Executives Committee (Y.E.S.) Coordinator, José David Rivas (Diageo Security Manager), President of the Security Committee; and Carlos García Soto (Lega Partner), President of the Legal Committee.

The purpose of each Committee is to offer a venue for reflection and active interaction, on best practices, promoting the relationship between its members and the constant updating of corporate management for planning, design and achievement of its strategic objectives.

Participation in these Committees is by invitation, and is free of charge for members of the Chamber.

With information and images from the British Venezuelan Chamber of Commerce, El Sumario, Doble Llave and social networks

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on Twitter and Instagram

La entrada British Venezuelan Chamber celebrated the work of the presidents of its Committees in 2023 apareció primero en Bitfinance.