AI girlfriend apps leak millions of private chats
NEWNow you can listen to News articles!
Millions of private messages that should have remained secret are now public. Two AI companion apps, Chattee Chat and GiMe Chat, have exposed more than 43 million intimate messages and more than 600,000 images and videos after a major data breach uncovered by Cybernews, a leading cybersecurity research group known for uncovering major data breaches and privacy risks around the world. The exhibit revealed how vulnerable you can be when you rely on AI companions for deeply personal interactions.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CyberGuy.com fact sheet
Users have experienced a massive leak, exposing millions of private AI chat messages. (Kurt “CyberGuy” Knutsson)
Massive data breach exposes AI chat users
On August 28, 2025, Cybernews researchers discovered that Hong Kong-based developer Imagime Interactive Limited had left an entire Kafka Broker server open to the public without any security protection. This unsecured system streamed real-time chats between users and their AI peers. It contained links to personal photographs, videos and AI-generated images. In total, the exposed data involved 400,000 users on iOS and Android devices. The researchers described the content as “practically not safe for work” and said the leak exposes a deep gap between user trust and developer responsibility.
DISCORD CONFIRMS BREACH OF PROVIDER USER ID EXPOSED IN RESCUE PLOT
Private data of iPhone and Android users was found to be transmitted on an open server. (Kurt “CyberGuy” Knutsson)
Who was exposed in the AI leak?
Most of the affected users came from the United States. About two-thirds of the data belonged to iOS users, while the remaining third came from Android devices. Although the leak did not include full names or email addresses, it did expose IP addresses and unique device identifiers. This information can still be used to track and identify people through other databases. Cybernews found that users sent an average of 107 messages to their AI partners, creating a digital footprint that could be exploited for identity theft, harassment or blackmail.
Secrets of AI and spending habits revealed
Purchase records revealed that some users spent up to $18,000 to chat with their AI friends. The developer likely made more than $1 million before the infringement was discovered. Although the company’s privacy policy stated that user security was “of utmost importance”, Cybernews found no authentication or access controls on the server. Anyone with a simple link could see private exchanges, photos and videos. This lack of protection shows how fragile digital privacy can be when developers ignore basic safeguards.
Experts warn that the leak can lead to scams, blackmail and identity theft. (Kurt “CyberGuy” Knutsson)
How Cybernews discovered and closed the leak
Cybernews quickly reported the issue to Limited interactive image. The exposed server was eventually taken offline in mid-September after appearing on public IoT search engines, where hackers could easily find it. Experts are still unsure whether cybercriminals accessed the data before it was deleted. However, the threat remains. Leaked conversations and photos can fuel sextortion scams, phishing attacks, and serious reputational damage.
HACKER EXPLOITS AI CHATBOT IN CYBER CRIME WAVE
Tips to stay safe from AI data breaches
Even if you’ve never used an AI girlfriend app, this case is a stark reminder to protect your privacy online.
1) Think before you share
Avoid sending personal or sensitive content to AI chat apps. Once shared, you lose control over it.
2) Use reputable AI tools
Choose apps with transparent privacy policies and proven security records.
3) Delete your data online
Use a data deletion service to delete personal information from public databases. While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting CyberGuy.com
Get a free scan to find out if your personal information is already available on the web: CyberGuy.com
4) Strengthen your cybersecurity with powerful antivirus software
Install powerful antivirus software to block scams and detect potential intrusions. The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at CyberGuy.com
5) Protect your accounts with a password manager and MFA
Use a password manager and enable multi-factor authentication to keep hackers away.
Next, check to see if your email has been exposed in previous breaches. Our number one password manager (see CyberGuy.com) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at CyberGuy.com
What does this mean to you?
AI chat apps often appear secure and personal, but they store huge amounts of sensitive data. When that data is leaked, it can lead to blackmail, impersonation, or public shaming. Before trusting any AI service, check if it uses strong encryption, access controls, and transparent privacy terms. If a company makes big promises about security but doesn’t protect your data, it’s not worth the risk.
Kurt’s Key Takeaways
This leak exposes how unprepared many developers are to protect the private data of people using AI chat apps. The growing AI complementary industry needs stronger security standards and more accountability to prevent these privacy disasters. Cybersecurity awareness is the first step. Knowing how your data moves and who controls it can help you stay safe before another breach puts your personal life online.
Would you still trust an AI companion if you knew someone could read what you shared? Let us know by writing to us at CyberGuy.com
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CyberGuy.com fact sheet
CLICK HERE TO GET THE News APP
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.