AI Chat App Exposes 300 Million Messages from 25 Million Users
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
The popular mobile application \u201cChat & Ask AI\u201d has inadvertently exposed hundreds of millions of private user conversations.<\/p>\n
The app, which boasts over 50 million users across the Google Play and Apple App stores<\/a>, failed to secure its backend database, allowing unauthorized access to sensitive user data.<\/p>\n The leak stemmed from a misconfiguration on\u00a0the Google Firebase platform, which<\/a><\/span> developers<\/a>\u00a0use to build<\/span> mobile apps. While Firebase is a standard tool, it requires careful setup to ensure security.<\/p>\n In this case, the settings were left in a default state that allowed anyone to designate themselves as an \u201cauthenticated\u201d user. This simple loophole granted access to the app\u2019s backend storage.<\/p>\n The scale of the leak is massive. The researcher reported access to approximately 300 million messages belonging to more than 25 million users.<\/p>\n According to 404media reports<\/a>, the exposed database contained comprehensive logs of user activity, including: Full histories of conversations with the AI. Timestamps of when chats occurred.<\/p>\n Custom names users gave to their AI companions. Specific configurations and the type of AI model used (such as ChatGPT, Claude, or Gemini). The content of these messages highlights the severe privacy implications of the breach.<\/p>\n An analysis of a sample data set comprising 60,000 users and one million messages revealed deeply personal and potentially dangerous inquiries.<\/p>\n Users had asked the AI for instructions on how to manufacture illegal drugs like methamphetamine, how to hack other applications, and, most disturbingly, advice on suicide and writing suicide notes.<\/p>\n \u201cChat & Ask AI\u201d functions as a \u201cwrapper\u201d app. This means it doesn\u2019t run its own AI brain; instead, it connects users to powerful models from major companies like OpenAI, Google, and Anthropic.<\/p>\n While the underlying AI models (such as ChatGPT) were not compromised, the wrapper app served as a weak link, storing conversations insecurely.<\/p>\n Users are advised to be cautious about the personal information they share with third-party AI tools and to review app permissions and reputations carefully.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post AI Chat App Exposes 300 Million Messages from 25 Million Users<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n