What Exposed the AI Companion Apps? A Deep Dive into the Massive Data Leak
A recent breach of the AI companion apps Chattee and GiMe Chat exposed over 40 million private conversations, hundreds of thousands of media files, and transaction records due to publicly accessible Kafka brokers lacking any authentication, putting user privacy and security at serious risk.
On October 9, cybersecurity firm Cybernews reported that the AI companion applications “Chattee” and “GiMe Chat” suffered a major data‑leak incident affecting more than 400,000 users.
The leaked data includes 43 million private user‑AI conversations, over 600,000 images and videos, and detailed in‑app transaction records.
The root cause was that the Kafka broker servers for both applications were exposed on the public Internet without any access‑control or authentication mechanisms.
Consequently, anyone who discovered the server address could directly retrieve all stored content, including messages, media files, and activity logs from users’ Android and iOS devices.
Although the breach did not directly reveal names or email addresses, it exposed users’ IP addresses and device identifiers, which can be combined with other data to precisely identify individuals.
Records show some users spent up to US$18,000 (≈CNY 128,000) on virtual companions, while the developers’ total revenue is estimated to exceed US$1 million; the leaked authentication tokens also raise the risk of account hijacking and theft of in‑app funds.
Source: Hangzhou Daily.
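The root cause described above is a broker configuration problem, so the fix is shown here as configuration rather than code. This is an added example, not the configuration of either app: the first fragment is a Kafka `server.properties` that matches the failure mode the report describes (a plaintext listener on every interface with no authorizer), the second is a hardened equivalent. Hostnames, keystore paths and the `admin` principal are placeholders.

```properties
# --- Weak: what an exposed, unauthenticated broker looks like ---
# Plaintext listener bound to all interfaces; any client that can reach
# port 9092 can list topics and consume every retained message.
listeners=PLAINTEXT://0.0.0.0:9092
advertised.listeners=PLAINTEXT://broker.example.internal:9092
# No authorizer configured, so there are no ACLs to enforce at all.

# --- Hardened: TLS on the wire, SCRAM authentication, deny-by-default ACLs ---
# Only a TLS + SASL listener is exposed; the PLAINTEXT listener is gone.
listeners=SASL_SSL://0.0.0.0:9093
advertised.listeners=SASL_SSL://broker.example.internal:9093
security.inter.broker.protocol=SASL_SSL

# Server certificate and the CA used to validate clients and other brokers
# (placeholder paths; passwords should come from a secrets store, not this file).
ssl.keystore.location=/etc/kafka/ssl/broker.keystore.jks
ssl.keystore.password=CHANGE_ME
ssl.truststore.location=/etc/kafka/ssl/broker.truststore.jks
ssl.truststore.password=CHANGE_ME
# Require client certificates in addition to SASL credentials.
ssl.client.auth=required

# Every client and broker must authenticate with a SCRAM username/password.
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512

# Enforce ACLs and deny any principal that has no matching ACL.
# (ZooKeeper-mode authorizer shown; KRaft clusters use
#  org.apache.kafka.metadata.authorizer.StandardAuthorizer instead.)
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=false
# Only the admin principal bypasses ACL checks; app services get explicit
# per-topic Read/Write ACLs via kafka-acls.sh.
super.users=User:admin
```

Beyond the broker settings, the listener should not be reachable from the Internet at all: restrict port 9093 to the application network with a firewall or security group, and monitor for connection attempts from unexpected sources.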
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.
