
Chatbots: The Latest Target for Hackers


Every hotfix deployed to a security system deters hackers, but it also gives them reasons to find another way to access your data. It’s why security specialists are never able to finally rest. After one fix is deployed, it’s time to watch for the next vulnerability.


One such avenue that’s taking off in the hacking arena is the chatbot. Chatbots are affordable ways for brands to communicate with customers and provide answers. Think of Siri or Amazon’s Alexa. You ask a question and the bot provides you with an answer. These bots are top-of-the-line communication tools, but website owners can buy into simpler bots that help answer common customer questions.


In many cases, the user does not know they are speaking to a bot. The user might send login credentials or credit card information to the bot not realizing it’s not a human responding. The bot program determines what to do with this information. It could redirect the user to a human customer service representative, or direct the user to the right department.


What happens if a hacker is able to infiltrate the bot solution? That’s the aim of many hackers who have taken an interest in bot programs. Chatbots are usually simple programs running on the web that plug into a website’s code. If a chatbot is poorly programmed, it could be a vector for a hacker to quietly eavesdrop on a conversation or even communicate directly with your customers.


Even more concerning is that chatbots are usually a “set it and forget it” type of technology. Once the technology integrates with the website, the site owner can leave it to answer questions with an occasional test to see if it’s functioning properly and answering questions as expected. If the hacker is able to eavesdrop, even a human reviewer might not catch on to the conversation’s vulnerability.


If you decide to use chatbots as part of your brand communication, they should be incorporated only after penetration testing and a security review. Most bot creators will promise that their code is secure, but you should perform an independent test and security analysis. Thorough testing after the chatbot is implemented is also necessary. As with any external code, it’s imperative that you thoroughly review the code and its implementation to protect your data from hackers. Once a hacker is able to eavesdrop on a chatbot, it can mean dire consequences for the brand and its reputation.


