AI Girlfriend Apps Leak Millions of Private Chats, Exposing Users’ Intimate Conversations
The cybersecurity firm Cybernews has uncovered a massive data breach involving the AI companion apps Chattee Chat and GiMe Chat, which exposed over 43 million private messages and more than 600,000 personal multimedia files. The breach was discovered when Cybernews researchers found that the Hong Kong-based developer Imagime Interactive Limited had left an unsecured Kafka Broker server open to the public, allowing real-time access to users’ private conversations with AI companions. The leak involved data from 400,000 users across both iOS and Android platforms, including links to personal photos, videos, and AI-generated images. Cybernews described the content as ‘virtually not safe for work,’ emphasizing the critical gap in user trust and developer responsibility. The breach underscored the risks of digital intimacy and the importance of robust cybersecurity measures to protect sensitive information.
Most affected users came from the United States, with about two-thirds of the data belonging to iOS users. Although the leak did not include full names or email addresses, it exposed IP addresses and unique device identifiers, which can be used to track and identify individuals. Cybernews found that users sent an average of 107 messages to their AI partners, creating a digital footprint that could be exploited for identity theft, harassment, or blackmail. Purchase logs revealed that some users spent as much as $18,000 to chat with their AI girlfriends, with the developer likely earning over $1 million before the breach was uncovered.
Cybernews quickly reported the issue to Imagime Interactive Limited, and the exposed server was taken offline in mid-September after appearing on public IoT search engines, where hackers could easily find it. Experts are still unsure whether cybercriminals accessed the data before it was removed. However, the threat remains, as leaked conversations and photos can fuel sextortion scams, phishing attacks, and severe reputation damage. Cybernews also highlighted the importance of protecting privacy online, advising users to avoid sending personal or sensitive content to AI chat apps and to choose apps with transparent privacy policies and proven security records.
Additionally, the incident serves as a stark reminder of the vulnerabilities in the AI companion industry. With the growing reliance on AI for personal companionship, the need for stronger security standards and developer accountability becomes increasingly critical. Cybersecurity awareness is emphasized as the first step in mitigating such risks, with users encouraged to understand how their data is handled and who controls it. The incident has sparked a broader conversation about the balance between technological innovation and the need for robust data protection measures to prevent future privacy scandals.
In conclusion, the massive data leak involving Chattee Chat and GiMe Chat highlights the urgent need for improved cybersecurity practices in the AI industry. As more users continue to share intimate and sensitive information with AI companions, developers must prioritize data security to prevent similar breaches. This incident serves as a cautionary tale, underscoring the importance of user vigilance and the necessity for developers to uphold their responsibility in protecting user privacy and data integrity.