This AI Chat App Leaked More Than 300 Million Messages Of 25 Million Users On Android And iOS

With the enhanced use of AI, the risk associated with it also increase and the biggest of them all is a data breach. In a recent development, an independent security researcher found out a major data breach affecting the Ask AI app available on both the Google Play Store and Apple App Store. The app has more than 10 million downloads on the Google Play Store only. According to the researcher, more than 300 million messages from over 25 million users have been accessed due to an exposed database. Now, these messages are reportedly discussions of illegal activities and requests for suicide assistance. For those who are unaware, Ask AI could be dubbed a wrapper application that integrates multiple large language models from different players like

Google Gemini, Anthropic Claude, and ChatGPT. Here in this application, users can choose which model they want to interact with. The exposed data consisted of files containing the complete chat history of the users, models used to answer queries, and other settings. The security flaw which triggered this scenario is firebase misconfiguration. Firebase is a cloud-based backened-as-a-service (BaaS) platform offered by Google that helps developers build, manage, and scale mobile and web applications.Anthropic Is Concerned As Claude AI's Latest Version Could Help People Make Chemical WeaponsA pretty common Firebase misconfiguration practice is leaving Security Rules set to public. This lets anyone with the project URL to read, modify, or delete data with zero authentication. According to multiple reports, Harry, the researcher, found that 103 out of 200 iOS apps had the same issue at the time of scanning. And to make things transparent for the users, Harry has created a website where the users can just visit and see the affected applications. The apps are removed from the list if the developer drops a patch note and informs the researcher.