
Two AI character apps by the same developer, “Chattee Chat” and “GiMe Chat,” have exposed millions of intimate conversations, over 600K images, and other private data. Leaked purchase logs reveal that some users spend thousands of dollars on their AI girlfriends.
- Two AI companion apps, Chattee Chat and GiMe Chat, exposed millions of intimate conversations and images from over 400,000 users.
- The exposed data included user-submitted photos, IP addresses, and logs, revealing that some users spend thousands of dollars on in-app purchases.
- The leak highlights significant security negligence by developers: the Kafka Broker instance was left without access controls and authentication.
On August 28th, 2025, Cybernews discovered a publicly exposed and unprotected streaming and content delivery system (Kafka Broker instance), containing a massive trove of personal information.
The affected Kafka Broker was used to stream private messages between users and different instances of AI girlfriends and other companions, including links to real photos and videos submitted by users, as well as photos and videos generated by AI.
The instance was handling real-time data streams for two apps on Android and iOS: “Chattee Chat - AI Companion” and “GiMe Chat - AI Companion.”
It contained data belonging to over 400,000 users: over 43 million messages sent by users to AI models, and over 600K images and videos shared and generated by the AI models.
“There was virtually no content that could be considered safe for work,” Cybernews researchers said.
“This troubling leak highlights a huge gap between the complete trust users place in these apps – expressing their desires and fantasies with the hope that this information remains private – and the security negligence of the developers.”
At the time of this writing, one of the apps, Chattee, was the #121 Entertainment app on the Apple App Store. According to third-party estimates, the app was downloaded over 300,000 times on the platform and had hundreds of positive reviews. Most of the users are from the US. The second app was significantly less popular.
The exposed registration data suggests that 66.3% of the leaked data belongs to iOS users, and the remaining third belongs to Android users. During the investigation, the Chattee app was delisted from the Google Play Store. The developer directed users to download and sideload the APK instead of installing it directly from the store.
The Hong Kong-based app developer, Imagime Interactive Limited, promises clients that their personal information “is of paramount importance to us” and lists many security features in the privacy policy.
“We are well aware of the importance of personal information to you, so we attach great importance to protecting your personal information and privacy, and treat and process your personal information with a high degree of prudence,” the Terms of Service document reads.
However, Cybernews researchers found no access controls or authentication enforced on the exposed instance.
“Anyone with a link was able to connect to the app’s content delivery network to view any content sent and received by users,” our researchers warn.
Users vulnerable
The leaked data did not include direct personally identifiable information such as names or email addresses.
However, the apps exposed IP addresses and unique device identifiers, which can be used to link to personally identifiable information from previous leaks and breaches.
The leaked data reveals that app users were uploading images, generating NSFW images and videos, and conversing with chatbots.
“Users of the apps seem to be very engaged: on average, each sent 107 messages to their AI companions. This, together with uploaded images and videos, may be abused by the threat actors to identify, discredit, and harass people,” the Cybernews research team warns.
No access controls were used on the media files, allowing any external party to access content uploaded or purchased by users.
How much do users spend on AI girlfriends?
In-app purchase logs reveal that some users spent as much as $18,000 on in-app currency purchases. However, these were only edge cases.
Leaked transactions suggest the developer’s total revenues likely exceed $1 million.
The authentication tokens were also exposed, and hackers can use them to hijack user accounts and in-app currency, although this might be of little value.
Cybernews responsibly disclosed the incident to the developer, and the Kafka Broker instance is no longer accessible. We reached out for additional comments but received no response before publishing.
It’s uncertain whether any threat actors have accessed the leaked data, but it would have been easy for them to find it. The exposed server was already indexed by major IoT search engines, and hackers are actively scanning common ports for vulnerable services themselves.
“Tying AI Girlfriend app usage data to an identity may result in significant reputational risks and may negatively impact a person’s mental health, life, and safety,” our researchers warn.
Hackers could potentially use the data for sextortion campaigns, spearphishing, and other attacks.
“Users should be aware that conversations with AI companions may not be as private as claimed. Companies hosting such apps may not properly secure their systems. This leaves intimate messages and any other shared data vulnerable to malicious actors, who leverage any viable opportunities for financial gain,” the researchers conclude.
Proper authentication and access controls are always a first step
Our researchers often find Kafka broker instances exposed due to misconfigurations and operational practices. Cybernews reported on previously discovered unprotected Kafka instances used by Brazilian healthcare giant Unimed, food delivery services in Turkey, parental control app KidSecurity, a trusted Shopify plugin, and many others.
Admins likely rely on default configurations to ease the development of their services, often skip enabling important authentication features, and do not restrict access to specific IPs.
“The Kafka Broker should be properly access-controlled, including enabling built-in authentication features, as well as employing additional measures such as IP whitelisting,” our researchers concluded.
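As an added illustration (not code from the Cybernews report or from the app developer), the script below audits a Kafka `server.properties` file for the gaps described above: unauthenticated listeners, no specific bind address, and no authorizer. The property names are Kafka's own; both sample configurations, including the IP address, are constructed for this example.

```python
# Added example: audit a Kafka server.properties excerpt for missing
# authentication, authorization and bind restrictions. Samples are constructed.

WEAK = """\
listeners=PLAINTEXT://0.0.0.0:9092
"""

HARDENED = """\
listeners=SASL_SSL://10.0.1.15:9093
security.inter.broker.protocol=SASL_SSL
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer
allow.everyone.if.no.acl.found=false
"""

def parse_properties(text):
    # Parse key=value lines, skipping blanks and comments.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    props = parse_properties(text)
    findings = []
    # Custom listener names map to a protocol; otherwise the name is the protocol.
    pairs = (e.partition(":") for e in props.get("listener.security.protocol.map", "").split(","))
    proto_map = {n.strip().upper(): p.strip().upper() for n, _, p in pairs if p}
    # Kafka's default when "listeners" is unset is a PLAINTEXT listener on 9092.
    for entry in props.get("listeners", "PLAINTEXT://:9092").split(","):
        name, _, addr = entry.strip().partition("://")
        host = addr.rsplit(":", 1)[0]
        proto = proto_map.get(name.upper(), name.upper())
        if proto == "PLAINTEXT":
            findings.append(f"{name}: no authentication or encryption")
        elif proto == "SSL" and props.get("ssl.client.auth") != "required":
            findings.append(f"{name}: TLS without client authentication")
        if host in ("", "0.0.0.0", "[::]"):
            findings.append(f"{name}: not bound to a specific interface")
    if not props.get("authorizer.class.name"):
        findings.append("no authorizer configured, ACLs are not enforced")
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append("allow.everyone.if.no.acl.found=true")
    return findings
```

`audit(WEAK)` returns three findings and `audit(HARDENED)` returns none. Network-level IP restrictions (firewall or security-group rules) live outside this file and need a separate check.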
- Leak discovered: August 29th, 2025
- Initial disclosure: September 5th, 2025
- CERT informed: September 15th, 2025
- Leak closed: September 19th, 2025