Credit: The original article is published here.
- ‘FlirtAI’ has leaked user data in an unprotected storage bucket
- The app’s user base seems to have primarily been teenagers
- The leaked chats could have a devastating affect on victims
It’s hard to imagine a more mortifyingly embarrassing scenario than your own private flirty chats being exposed online, except, perhaps, being caught sending these messages off for analysis by an AI app.
Researchers at Cybernews have discovered a breach at “FlirtAI – Get Rizz & Dates” (yes, that is really what it’s called) which has leaked over 160,000 chat screenshots from users through an unprotected cloud storage bucket.
Users of this app feed screenshots of their private conversations into the application to get tailored responses designed to help the user flirt or escalate the conversation.
Save up to 68% on identity theft protection for TechRadar readers!
TechRadar editors praise Aura’s upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
More than just embarrassing
Unsurprisingly, but worryingly nonetheless, this app seems to have been primarily used by teenagers.
Because of the configuration of the app, those primarily at risk are not those who have sent the chats in, but the person they’re talking to – presumably other teenagers who are completely unaware that their conversation has been leaked, and probably unaware that this app even exists.
Whilst we’ve seen more dangerous personal data leaked by other AI chatbots like SSNs and financial information, the nature of this chatbot and its user base represents a different kind of harm.
As an adult, I’m not sure how well I’d cope with my private chats being exposed online, so for an already vulnerable teenager this could be devastating.
“The fact that teenagers used this app may increase the severity of a potential data breach as data from minors is considered more sensitive, and could be subject to more restrictions regarding potential data uses and collection and processing practices,” Cybernews researchers confirmed.
The app does state that users are “only allowed to upload a screenshot when you have obtained the necessary approvals from all users/humans and their information mentioned in the screenshot”.
But, since this would negate the point of the chatbot, it seems pretty unlikely that this is followed.
Those exposed in this breach could be at a heightened risk of social engineering attacks like phishing or, given that the app encourages users to share their target’s dating profile, there could be a risk of impersonation attacks.
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- Google Gemini can be hijacked to display fake email summaries in phishing scams
