AI Dating Assistant App "FlirtAI" Leaks 160,000 Private Chat Screenshots, Raising Privacy Concerns

AI 'wingman' app leaks 160,000 screenshots of private chats - here's what we know

It's hard to imagine a more mortifyingly embarrassing scenario than your own private flirty chats being exposed online, except, perhaps, being caught sending these messages off for analysis by an AI app. Researchers at Cybernews have discovered a breach at "FlirtAI - Get Rizz & Dates" (yes, that is really what it's called) which has leaked over 160,000 chat screenshots from users through an unprotected cloud storage bucket. Users of this app feed screenshots of their private conversations into the application to get tailored responses designed to help the user flirt or escalate the conversation. Unsurprisingly, but worryingly nonetheless, this app seems to have been primarily used by teenagers. Because of the configuration of the app, those primarily at risk are not those who have sent the chats in, but the person they're talking to - presumably other teenagers who are completely unaware that their conversation has been leaked, and probably unaware that this app even exists. Whilst we've seen more dangerous personal data leaked by other AI chatbots like SSNs and financial information, the nature of this chatbot and its user base represents a different kind of harm. As an adult, I'm not sure how well I'd cope with my private chats being exposed online, so for an already vulnerable teenager this could be devastating. "The fact that teenagers used this app may increase the severity of a potential data breach as data from minors is considered more sensitive, and could be subject to more restrictions regarding potential data uses and collection and processing practices," Cybernews researchers confirmed. The app does state that users are "only allowed to upload a screenshot when you have obtained the necessary approvals from all users/humans and their information mentioned in the screenshot". But, since this would negate the point of the chatbot, it seems pretty unlikely that this is followed. Those exposed in this breach could be at a heightened risk of social engineering attacks like phishing or, given that the app encourages users to share their target's dating profile, there could be a risk of impersonation attacks.

Flirty AI chatbot app leaks 160,000 DM screenshots

For years, some daters have used chatbots to flirt for them. Now, one of these "wingman" apps has leaked hundreds of thousands of messages. The makers of FlirtAI, which promotes itself as the "#1 AI Flirt Assistant Keyboard" on the App Store, have leaked 160,000 screenshots that users have shared with the app, according to an investigation by Cybernews. FlirtAI promises to help craft "charming, personalized, and instant" messages to dating app matches, its App Store description says. On the App Store, FlirtAI says it "works with every dating and chat app," and lists many of the most popular of each, including Tinder, Bumble, Hinge, WhatsApp, and Instagram. Users upload screenshots of their private dating app conversations, and FlirtAI generates responses. FlirtAI's privacy policy mentions this method: "When you use our service, we may collect certain information from you, including the prompts and text detected inside the uploaded screenshots." It also states that uploading screenshots implies that everyone involved has consented to the use of FlirtAI. The Cybernews team found an unprotected Google Cloud Storage bucket owned by Buddy Network GmbH, the company behind FlirtAI, containing such screenshots of conversations and dating app profiles. After the team notified the company, it closed the exposed bucket. Cybernews said that the leak data appeared to contain screenshots from a large number of teenage users. According to initial research out of MIT, using ChatGPT to write for you can impair cognitive ability. And while FlirtAI isn't an AI companion, researchers at Common Sense Media say that AI companions aren't safe for teens, because they can become emotionally dependent on them. One section of FlirtAI's privacy policy states that minors may not use the app, while another states that teens over 13 can use it with permission from a parent or guardian. Buddy Network GmbH has also created an app to talk to an "angel" AI and a "90-second AI journal" app. Mashable has contacted the company.