ADVERTISEMENT

iPhone AI app leaked user-generated NSFW stories

Apple App Store’s Novel AI: Book Creator leaked its Firebase database, revealing that its users generated far spicier stuff than your average ghost story.

iPhone app leaks user NSFW stories

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Apr 17, 2025 Updated: 21 April 2025 4 min read
  • Novel AI: Book Creator exposed user-generated stories and other personal data
  • Some of the leaked stories were NSFW
  • Attackers could exploit the leaked info for sextortion and blackmail
  • Cybernews has contacted the app’s developers but has received no reply
“The data leaked included communications with customer support, personally identifiable information such as email addresses, and leaked user-generated stories. Some user-generated stories included adult content,”
Aras Nazarovas, Information security researcher at Cybernews.

What data did the iOS app leak?

  • User interactions with customer support
  • User email addresses
  • Stories users generated with AI‘s help
“Leaking this type of content becomes much more sensitive, as it may reveal embarrassing, or socially unacceptable preferences and threat actors can exploit such information for blackmail or sextortion,”
Nazarovas explained.

iOS app secrets revealed

ADVERTISEMENT
  • API Key
  • Client ID
  • Database URL
  • Google App ID
  • Project ID
  • Reversed Client ID
  • Storage Bucket
  • Facebook App ID
  • Facebook Client Token
Ernestas Naprys Paulina Okunyte jurgita Niamh Ancell BW
Be the first to know and get our latest stories on Google News
Add us as your Preferred Source on Google.

How do you fix leaky apps?

  • Make use of appropriate Firebase security rules, in order to make sure only authorized and authenticated users and services can access the data stored within.
  • Remove sensitive Secrets from the client side of the application, and place them on the server side of the application, proxying traffic through your own infrastructure to third-party services used by the app.

Many iOS apps are leaking secrets


  • Leak discovered: January 7th, 2025
  • Initial disclosure: January 15th, 2025
  • CERT contacted: February 12th, 2025
ADVERTISEMENT