Millions of private messages meant to stay secret are now public. Two AI companion apps, Chattee Chat and GiMe Chat, have exposed more than 43 million intimate messages and over 600,000 images and videos after a major data leak discovered by Cybernews, a leading cybersecurity research group known for uncovering major data breaches and privacy risks worldwide. The exposure revealed just how vulnerable you can be when you trust AI companions with deeply personal interactions.
Massive data breach exposes AI chat users
On August 28, 2025, Cybernews researchers discovered that the Hong Kong-based developer Imagime Interactive Limited had left an entire Kafka Broker server open to the public without any security protection. This unsecured system streamed real-time chats between users and their AI companions. It contained links to personal photos, videos, and AI-generated images. In total, the exposed data involved 400,000 users across iOS and Android devices. Researchers described the content as “virtually not safe for work” and said the leak exposes a deep gap between user trust and developer responsibility.
Who was exposed in the AI leak
Most affected users came from the United States. About two-thirds of the data belonged to iOS users, while the remaining third came from Android devices. Although the leak did not include full names or email addresses, it did expose IP addresses and unique device identifiers. This information can still be used to track and identify individuals through other databases. Cybernews found that users sent an average of 107 messages to their AI partners, creating a digital footprint that could be exploited for identity theft, harassment, or blackmail.
AI secrets and spending habits revealed
Purchase logs revealed that some users spent as much as $18,000 to chat with their AI girlfriends. The developer likely earned over $1 million before the breach was uncovered. Although the company’s privacy policy claimed that user security was “of paramount importance,” Cybernews found no authentication or access controls on the server. Anyone with a simple link could view private exchanges, photos, and videos. This lack of protection shows just how fragile digital intimacy can be when developers ignore basic safeguards.
How Cybernews discovered and closed the leak
Cybernews quickly reported the problem to Imagime Interactive Limited. The exposed server was finally taken offline in mid-September after appearing on public IoT search engines, where hackers could easily find it. Experts are still unsure whether cybercriminals accessed the data before it was removed. However, the threat remains. Leaked conversations and photos can fuel sextortion scams, phishing attacks, and serious reputation damage.
Tips to stay safe from AI data leaks
Even if you never used an AI girlfriend app, this case is a clear reminder to protect your privacy online.
1) Think before you share
Avoid sending personal or sensitive content to AI chat apps. Once shared, you lose control of it.
2) Use reputable AI tools
Choose apps with transparent privacy policies and proven security records.
3) Remove your data online
Use data removal services such as Incogni to wipe personal information from public databases. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.
4) Strengthen your cybersecurity with strong antivirus software
Install strong antivirus software like TotalAV to block scams and detect potential intrusions. The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
GET MY EXCLUSIVE CYBERGUY TOTALAV DEAL:
Please note:
1) If you're having difficulty seeing either of the above deals, do this:
- If you're on a mobile device, hold down the link above, "Copy Link", and then paste it into a private or incognito browser.
- If you're on a laptop or desktop, right click the link, "Copy Link", and then paste it into a private or incognito browser.
2) During registration you may see optional upsells you can decline. Our top pick is the core antivirus product.
3) If you need help after your purchase, you can reach TotalAV directly through their official support page here.
5) Protect your accounts with a password manager and MFA
Use a password manager such as NordPass and enable multi-factor authentication to keep hackers out.
Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
- Unlimited password storage
- Secure sharing
- Password health reports
- Auto-fill and emergency access
- Data breach monitoring to alert you if your credentials have been exposed
- A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!
What this means for you
AI chat apps often feel safe and personal, but they store enormous amounts of sensitive data. When that data leaks, it can lead to blackmail, impersonation, or public embarrassment. Before trusting any AI service, check whether it uses secure encryption, access controls, and transparent privacy terms. If a company makes big promises about security but fails to protect your data, it is not worth the risk.
Related Links:
- Hackers leak children’s data in major nursery breach
- 16 billion passwords leaked in massive data breach
- Over 2 billion users face phishing risks after Google data leak
Kurt’s key takeaways
This leak exposes how unprepared many developers are to protect the private data of people using AI chat apps. The growing AI companion industry needs stronger security standards and more accountability to prevent these privacy disasters. Cybersecurity awareness is the first step. Knowing how your data moves and who controls it can help you stay safe before another leak puts your personal life online.
Would you still confide in an AI companion if you knew anyone could read what you shared? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
