Two AI-powered Android apps available on the Google Play Store have exposed over 12TB of sensitive user data due to severe security misconfigurations, as uncovered by Cybernews researchers. Affected users from 25 countries, including the US and Germany, had their personal files—including photos, videos, and Know Your Customer (KYC) documents—leaked, creating significant risks for identity theft and fraud.
The main app, Video AI Art Generator & Maker by Codeway, had amassed over 500,000 installs before the breach. Misconfigured Google Cloud Storage allowed unauthorized access to more than 1.5 million images and 385,000 videos. Another app, IDMerit, exposed extensive KYC data.
Developers promptly secured the vulnerabilities, but users should remain vigilant. It’s essential to verify app sources and scrutinize permissions before sharing sensitive information. This incident highlights the urgent need for improved security measures in AI app development and oversight to protect user data effectively.
Source link
