Millions of private messages and images from AI girlfriend apps Chattee Chat and GiMe Chat were leaked, exposing users’ intimate conversations and raising serious privacy concerns.
In a significant data breach, two AI companion applications, Chattee Chat and GiMe Chat, have exposed over 43 million private messages and more than 600,000 images and videos. This alarming incident was uncovered by Cybernews, a prominent cybersecurity research organization known for identifying major data breaches and privacy vulnerabilities worldwide.
The breach highlights the risks associated with trusting AI companions with sensitive personal information. Users reportedly spent as much as $18,000 on these AI interactions, only to find their private exchanges made public.
On August 28, 2025, Cybernews researchers discovered that Imagime Interactive Limited, the Hong Kong-based developer of the apps, had left an entire Kafka Broker server unsecured and accessible to the public. This exposed server streamed real-time chats between users and their AI companions and contained links to personal photos, videos, and AI-generated images. The exposed data affected approximately 400,000 users across both iOS and Android platforms.
Researchers characterized the leaked content as “virtually not safe for work,” emphasizing the significant gap between user trust and developer accountability in safeguarding personal data.
The majority of affected users were located in the United States, with about two-thirds of the exposed data belonging to iOS users and the remaining third to Android users. While the leak did not include full names or email addresses, it did reveal IP addresses and unique device identifiers. This information could potentially be used to track and identify individuals through other databases, raising concerns about identity theft, harassment, and blackmail.
Cybernews found that users sent an average of 107 messages to their AI companions, creating a digital footprint that could be exploited. The purchase logs indicated that some users had spent significant amounts on their AI interactions, with the developer likely earning over $1 million before the breach was discovered.
Despite the company’s privacy policy stating that user security was “of paramount importance,” Cybernews noted the absence of authentication or access controls on the server. Anyone with a simple link could view the private exchanges, photos, and videos, underscoring the fragility of digital intimacy when developers neglect basic security measures.
Following the discovery, Cybernews promptly notified Imagime Interactive Limited, and the exposed server was taken offline in mid-September after appearing on public IoT search engines, where it could be easily located by hackers. Experts remain uncertain whether cybercriminals accessed the data before its removal, but the potential for misuse persists. Leaked conversations and images could fuel sextortion scams, phishing attacks, and significant reputational harm.
This incident serves as a stark reminder of the importance of online privacy, even for those who have never used AI girlfriend apps. Users are advised to avoid sharing personal or sensitive content with AI chat applications, as control over shared information is relinquished once it is sent.
Choosing applications with transparent privacy policies and proven security records is crucial. Additionally, utilizing data removal services can help erase personal information from public databases, although no service can guarantee complete removal from the internet. These services actively monitor and systematically erase personal data from numerous websites, providing peace of mind and reducing the risk of scammers cross-referencing data from breaches with information available on the dark web.
Installing robust antivirus software is also essential for blocking scams and detecting potential intrusions. Strong antivirus protection can alert users to phishing emails and ransomware scams, safeguarding personal information and digital assets.
Employing a password manager and enabling multi-factor authentication are further steps to keep hackers at bay. Users should also check if their email addresses have been exposed in previous breaches. Some password managers include built-in breach scanners that can identify whether email addresses or passwords have appeared in known leaks, allowing users to change reused passwords and secure their accounts with unique credentials.
AI chat applications may seem safe and personal, but they often store vast amounts of sensitive data. When such data is leaked, it can lead to blackmail, impersonation, or public embarrassment. Before trusting any AI service, users should verify that it employs secure encryption, access controls, and transparent privacy terms. If a company makes significant claims about security but fails to protect user data, it may not be worth the risk.
This leak underscores the lack of preparedness among developers to protect the private data of individuals using AI chat applications. The burgeoning AI companion industry necessitates stronger security standards and greater accountability to prevent such privacy disasters. Cybersecurity awareness is the first step; understanding how personal data is managed and who controls it can help individuals safeguard themselves against future breaches.
Would you still confide in an AI companion if you knew anyone could read what you shared? Share your thoughts with us at CyberGuy.com.
Source: Original article