AI girlfriend apps leak millions of private chats

Millions of confidential texts are now available to the public.  Following a significant data leak that was uncovered by Cybernews, a top cybersecurity research organization renowned for identifying significant data breaches and privacy threats globally, two AI companion apps, Chattee Chat and GiMe Chat, have made more than 43 million private messages as well as more than 600,000 photos and videos public.  The disclosure demonstrated the extent of your vulnerability when entrusting AI partners with extremely intimate conversations.

On August 28, 2025, Cybernews researchers discovered that the Hong Kong-based developer Imagime Interactive Limited had left an entire Kafka Broker server open to the public without any security protection. This unsecured system streamed real-time chats between users and their AI companions. It contained links to personal photos, videos, and AI-generated images. In total, the exposed data involved 400,000 users across iOS and Android devices. Researchers described the content as "virtually not safe for work" and said the leak exposes a deep gap between user trust and developer responsibility.

Most affected users came from the United States. About two-thirds of the data belonged to iOS users, while the remaining third came from Android devices. Although the leak did not include full names or email addresses, it did expose IP addresses and unique device identifiers. This information can still be used to track and identify individuals through other databases. Cybernews found that users sent an average of 107 messages to their AI partners, creating a digital footprint that could be exploited for identity theft, harassment, or blackmail.

Purchase logs revealed that some users spent as much as $18,000 to chat with their AI girlfriends. The developer likely earned over $1 million before the breach was uncovered. Although the company's privacy policy claimed that user security was "of paramount importance," Cybernews found no authentication or access controls on the server. Anyone with a simple link could view private exchanges, photos, and videos. This lack of protection shows just how fragile digital intimacy can be when developers ignore basic safeguards.

The issue was promptly brought to the attention of Imagine Interactive Limited by Cybernews.  After being discovered on open IoT search engines, where hackers could readily locate it, the compromised server was eventually taken offline in the middle of September.  Whether thieves had access to the data prior to its removal is still up for debate.  But the danger is still there.  Phishing attacks, sextortion schemes, and major reputational harm can all be exacerbated by leaked chats and images.

Even if you never used an AI girlfriend app, this case is a clear reminder to protect your privacy online.

Avoid sending personal or sensitive content to AI chat apps. Once shared, you lose control of it.

Choose apps with transparent privacy policies and proven security records.

Use a data removal service to wipe personal information from public databases. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap, and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Install strong antivirus software to block scams and detect potential intrusions. The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Use a password manager and enable multi-factor authentication to keep hackers out.

AI chat apps often feel safe and personal, but they store enormous amounts of sensitive data. When that data leaks, it can lead to blackmail, impersonation, or public embarrassment. Before trusting any AI service, check whether it uses secure encryption, access controls, and transparent privacy terms. If a company makes big promises about security but fails to protect your data, it is not worth the risk.

This leak exposes how unprepared many developers are to protect the private data of people using AI chat apps. The growing AI companion industry needs stronger security standards and more accountability to prevent these privacy disasters. Cybersecurity awareness is the first step. Knowing how your data moves and who controls it can help you stay safe before another leak puts your personal life online.

Would you still confide in an AI companion if you knew anyone could read what you shared? Let us know by writing to us at CyberGuy.com

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide - free when you join my CyberGuy.com newsletter  

Copyright 2025 CyberGuy.com.  All rights reserved.