AN independent security researcher uncovered a data breach affecting Chat & Ask AI, a popular AI chat app available on Google Play and the Apple App Store, reportedly used by more than 50 million people. The researcher claims to have accessed 300 million messages from over 25 million users due to an exposed database. These messages reportedly included discussions of illegal activities and requests for suicide assistance.
The breach exposed data from a “wrapper” app that plugs into various large language models, including OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini, with users able to choose which model to interact with. The exposed data also included user files containing entire chat histories, the models used, and other settings, and revealed data belonging to users of other Codeway apps.
The vulnerability was a Firebase misconfiguration, a well-documented backend setup issue that can leave data publicly readable without authentication. To help users stay safer, the article suggests steps such as using private chatbots that don’t train the model and avoiding sharing real identities or personal documents.