AI Girlfriend Apps Leak User Data, Including Intimate Conversations and Spending Habits

AI chatbots aren’t just for work anymore. Some offer intimate and romantic conversations, even generating corresponding images. But a recent security flaw exposed the private data of hundreds of thousands of users of two such apps. All messages, photos sent, and users’ IP addresses were visible to anyone with the right link, thanks to an unsecured middleware broker instance.

The affected apps are “Chattee Chat – AI Companion” and “GiMe Chat – AI Companion,” both from Hong Kong-based Imagime Interactive Limited. Security researchers at Cybernews discovered the vulnerability, which existed from late August to mid-September, and have now published their findings.

many Users, Few Protection measures

“Chattee” was more widely used, with 300,000 downloads on the Apple app Store and ranking as the 121st most popular app in the entertainment category.It’s no longer available on either the App Store or Google Play Store, as is “GiMe,” which had fewer users. The root cause of the leak? An unsecured instance of kafka, a middleware platform originally developed by LinkedIn and now part of the Apache Software Foundation.

According to Cybernews, Kafka coordinated data streams of private messages between users and the AI companions. This included links to photos and videos users submitted.