A popular AI app, Chat & Ask AI, recently exposed hundreds of millions of private user messages due to a serious backend misconfiguration, according to 404 Media. An independent security researcher discovered that the app improperly configured its use of Google Firebase, making it possible for virtually anyone to authenticate and access backend storage where sensitive user data was being kept.
As a result, the researcher was able to access approximately 300 million chat messages belonging to more than 25 million users—many of which contained highly sensitive personal information.
Fortunately, the issue was disclosed responsibly. The app’s developer, Codeway, resolved the vulnerability within hours of being notified. This outcome highlights the importance of ethical security research; had a malicious actor discovered the flaw first, the data could have been harvested, sold, or leaked on dark web marketplaces, potentially causing widespread harm to users.
