A Popular AI-Powered Chat App Has Uncovered 300 Million Private Messages.
Have you ever used an app called Chat & Ask AI? If so, there’s a good chance your messages were exposed last month. In January, an independent researcher was able to easily access approximately 300 million messages on the service, as reported by Emanuel Mayberg of 404 Media . The data included chat logs covering a wide range of sensitive topics, from drug use to suicide.
Chat & Ask AI, an app developed by Istanbul-based Codeway and available in the Apple and Google app stores, claims to have approximately 50 million users. The app essentially resells access to large language models from other companies, including OpenAI, Claude, and Google, while providing limited free access to its own users.
The issue that led to the data leak was related to an insecure Google Firebase configuration, a relatively common vulnerability. The researcher easily authenticated himself, gaining access to messages from 25 million app users. He reportedly extracted and analyzed approximately 60,000 messages before reporting the issue to Codeway.
The good news: the issue was quickly fixed. Even better news: there have been no reports of these messages being leaked online. However, this is yet another reason to carefully consider the messages you send to AI chatbots. Remember that conversations with AI chatbots are not private —by their very nature, these systems often store your conversations for later reference. A data leak could lead to awkward situations or worse, and using a reseller like Chat & Ask AI to access large language models adds another layer of potential security risks, as this recent leak demonstrates.