A Hong Kong-based developer behind the Chattee Chat and GiMe Chat “AI companion” apps left a Kafka broker server unsecured, exposing a live stream of user interactions, according to researchers at Cybernews. The leak revealed more than 43 million messages and over 600,000 images and videos tied to roughly 400,000 users, a majority of them in the U.S. Cybernews said the data included IP addresses and device identifiers but not full names or emails, and that the exposure raises risks of identity theft and extortion.
Purchase logs reviewed by researchers showed individual users spending up to $18,000, with developer revenue likely exceeding $1 million before the breach surfaced. The server, which lacked authentication, was taken offline in mid-September after being discovered on public IoT search engines. It remains unclear whether criminals accessed the data.
The incident underscores growing privacy and security concerns around consumer AI and could draw scrutiny from regulators, especially given the developer’s privacy assurances. Security experts warn the leaked content may fuel phishing and sextortion campaigns and say the episode highlights the need for stronger safeguards and accountability in the fast-growing AI companion market.





























