A security researcher discovered that a misconfigured database exposed roughly 300 million messages tied to more than 25 million users of Chat and Ask AI, one of the most widely downloaded AI chat apps on Google Play and the Apple App Store, with more than 50 million users.
According to the findings, the root cause was a Firebase misconfiguration in which the database Security Rules were set to public. That setting allowed anyone who knew the project URL to read, modify, or delete the stored data without any authentication. The exposed records included the conversations users had with the app, which can contain personal details, questions, and other sensitive information that people share with chatbots.
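A defender-side check for the misconfiguration described above, as an added example that is not part of the original article or the app's own code: it walks a rules file and reports every path where `.read` or `.write` is granted unconditionally. It assumes the Firebase Realtime Database JSON rules format (the article does not say which Firebase database was involved); the sample rule sets and the function names `audit`, `find_public_rules` and `is_unconditional` are constructed for illustration.

```python
import json

# Constructed sample rule sets in Firebase Realtime Database JSON format.
# Assumption: the article does not say which Firebase database was involved.
PUBLIC_RULES = {"rules": {".read": True, ".write": True}}

HARDENED_RULES = {"rules": {"chats": {"$uid": {
    ".read": "auth != null && auth.uid === $uid",
    ".write": "auth != null && auth.uid === $uid",
}}}}

MIXED_RULES = {"rules": {
    ".read": "auth != null",
    "feed": {".read": True},
    "users": {"$uid": {".write": "true"}},
}}


def is_unconditional(expr):
    """True when a rule value grants access to every caller, signed in or not."""
    if isinstance(expr, bool):
        return expr
    return isinstance(expr, str) and expr.strip() == "true"


def find_public_rules(node, path="/"):
    """Recursively collect (path, rule) pairs that are open to anyone.

    In Realtime Database rules a grant cascades: access allowed at a path
    applies to everything beneath it and deeper rules cannot revoke it.
    """
    findings = []
    for key, value in node.items():
        if key in (".read", ".write"):
            if is_unconditional(value):
                findings.append((path, key))
        elif isinstance(value, dict):
            findings.extend(find_public_rules(value, path.rstrip("/") + "/" + key))
    return findings


def audit(doc):
    """Return sorted findings for a parsed rules document."""
    return sorted(find_public_rules(doc.get("rules", {})))


if __name__ == "__main__":
    for name, doc in [("public", PUBLIC_RULES), ("hardened", HARDENED_RULES), ("mixed", MIXED_RULES)]:
        print(name, json.dumps(audit(doc)))
```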
The exposure illustrates a recurring pattern in AI application security, where the underlying data store rather than the AI model itself becomes the point of failure. Misconfigured cloud databases have been responsible for a range of breaches across the technology sector, and the rapid growth of consumer AI apps has expanded the number of services holding large volumes of conversational data.
Security analysts noted that exposed conversation logs and any associated tokens could enable account access or be used to build profiles of individual users. The disclosure prompted attention to how AI app developers configure cloud back ends and manage access controls. The incident adds to a growing list of cases in which large troves of AI chat data were left reachable on the open internet because of basic configuration errors rather than sophisticated attacks.
Source: Malwarebytes - https://www.malwarebytes.com/blog/news/2026/02/ai-chat-app-leak-exposes-300-million-messages-tied-to-25-million-users
