AI Apps Leak User Data: 1.5M Images & KYC Info Exposed

by Anika Shah - Technology
0 comments

AI App Data Leak Exposes Millions of User Files

A misconfigured database linked to the Android app “Video AI Art Generator & Maker” has exposed over 8.27 million media files, including nearly 2 million private photos and videos belonging to its users. The breach, discovered by researchers at Cybernews, highlights the growing security risks associated with the proliferation of AI-powered applications and the importance of secure data handling practices.

The Data Breach: What Happened?

The vulnerability stemmed from a misconfigured Google Cloud storage bucket, accessible to anyone with the correct link. This allowed unauthorized access to a vast collection of user-uploaded content. The exposed data included:

  • Over 1.5 million user images
  • More than 385,000 user videos
  • 2.87 million AI-generated videos
  • 2.87 million AI-generated images
  • Over 386,000 AI-generated audio files

The app, launched in mid-June 2023, had been storing multimedia uploads from users since its inception. Cybernews estimates the total size of the exposed data exceeded 12 TB [Cybernews].

Developer Response and Further Vulnerabilities

Following notification by Cybernews, the developers of “Video AI Art Generator & Maker,” Codeway Dijital Hizmetler Anonim Sirketi, secured the database. However, researchers also discovered a similar misconfiguration in another app developed by Codeway, called “Chat & Ask AI,” exposing data through a Google Firebase backend [Cybernews].

In early February 2026, Cybernews reported that Codeway’s apps had previously exposed 300 million messages tied to 25 million users [Yahoo Tech].

Broader Security Concerns in the AI App Landscape

This incident is not isolated. A separate investigation by Cybernews revealed another Android application, IDMerit, exposed understand-your-customer (KYC) data and personal identity information from users in 25 countries, primarily in the United States [DetikInet]. The exposed information included names, addresses, dates of birth, identity card numbers, and contact details, totaling approximately 1 TB of data.

Cybernews analysis indicates that a significant percentage of AI applications available on the Google Play Store – approximately 72% – exhibit similar security vulnerabilities, often due to the practice of “hardcoding secrets” directly into the application’s source code [DetikInet].

Protecting Your Data: What Users Can Do

Experts recommend caution when downloading AI applications, even from official app stores like Google Play. Users should prioritize apps from trusted developers and be mindful of the permissions requested by these applications. The potential for unauthorized access to personal data underscores the need for heightened vigilance in the rapidly evolving landscape of AI-powered tools [TechDigest].

Related Posts

Leave a Comment