More than 100,000 users may have had their most intimate AI conversations exposed, as data allegedly stolen from MyLovelyAI has been listed on a hacker forum.
A threat actor on a prominent hacking forum claims to have breached MyLovelyAI, a popular AI girlfriend platform, and is currently auctioning off sensitive user data.
Cybernews researchers investigated a collection of sample files uploaded by the hacker to verify the claim.
While a standard data breach involving emails and other personally identifiable information (PII) is bad enough, the nature of MyLovelyAI makes this alleged leak uniquely dangerous.
The inclusion of NSFW prompts, the literal transcripts of users' private conversations with their AI companions, provides a goldmine for malicious actors.
Explicit content potentially leaked
Approximately 106,000 records exposed by the threat actor contained usernames, emails, and subscription plan details, suggesting that around the same number of users might be affected by the data exposure.
Perhaps the most vulnerable data leaked was the prompts that users used. Two datasets totaling 113,000 records consisted of explicit, NSFW prompt messages. Critically, nearly 70,000 of these messages were linked directly to unique user IDs.
Hundreds of records contained direct communications with the support, metadata, and descriptions of technical issues. Roughly 500 records of promotional data connected to discount codes were also found in the data samples.
"The impact here goes far beyond simple identity theft," a Cybernews researcher noted.
"In the high-risk scenarios, the stolen data could be used for targeted phishing and, more alarmingly, sextortion scams."
Cybernews has reached out to the company for a comment, but has not yet received a response.
Sharing your fantasies with AI is always a risk
The rise of AI has brought plenty of hype around AI-assisted companionship. According to a survey, 1 in 5 men have admitted to having flirted with an AI, and 47% of men believe virtual AI dates can meet their emotional needs.
However, trusting AI with your most intimate secrets might pose the risk of data theft. Research has discovered that 17 popular AI companion apps on Google Play, collectively downloaded more than 150 million times, had critical vulnerabilities that put users at risk.
And every year, a new story breaks about another AI girlfriend platform that leaked user data.
Last year, Cybernews in-house research revealed that two AI character apps by the same developer, “Chattee Chat” and “GiMe Chat,” exposed millions of intimate conversations, over 600,000 images, and other private data.
In 2024, Muah.ai suffered a data breach that exposed twisted fantasies and over 1.9 million records, including email addresses and prompts used to generate AI images.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked