(CBS Local) — When customers speak to Alexa, Amazon’s artificial intelligence-powered virtual assistant, somebody may be listening in, according to a new report.

Amazon employs thousands of people to listen to recordings from the company’s Echo speakers as part of an effort to improve the software, Bloomberg News reports.

The Alexa voice review team includes both contractors and full-time Amazon staff working in outposts around the world, including Boston, Costa Rica, India and Romania. Each reviewer is expected to check as many as 1,000 audio files in each 9-hour shift, two of the workers told Bloomberg.

The work is mostly mundane, Bloomberg reported. Some transcribe artist names to link them to specific musicians in the company’s database. Others simply transcribe users’ commands, comparing them with what the automated systems heard and the response they offered.

Sometimes the reviewers come across clips they find upsetting, or even potentially criminal. Two of the workers told Bloomberg they picked up what they believe was a sexual assault.

“We take the security and privacy of our customers’ personal information seriously,” an Amazon spokesman said in a statement emailed to Bloomberg. “We only annotate an extremely small sample of Alexa voice recordings in order [to] improve the customer experience.”

Over 100 million people around the world own Alexa devices. Users can opt out of having their recordings used for development purposes, but Amazon doesn’t explicitly tell Echo customers that humans might be listening to them.

“We use your requests to Alexa to train our speech recognition and natural language understanding systems,” the company says in a list of frequently asked questions.

Amazon says employees can’t trace back a specific recording to any specific user or account.

“We have strict technical and operational safeguards, and have a zero tolerance policy for the abuse of our system,” said the Amazon spokesman. “Employees do not have direct access to information that can identify the person or account as part of this workflow. All information is treated with high confidentiality and we use multi-factor authentication to restrict access, service encryption and audits of our control environment to protect it.”