A misconfigured database left hundreds of millions of private messages from a popular AI chat application exposed, according to a security researcher who reported the finding in February 2026. The exposure affected Chat & Ask AI, an app that claims more than 50 million users across the Google Play and Apple App stores, and traced back to a Firebase configuration error rather than an external attack.
The researcher found roughly 300 million messages tied to about 25 million users left accessible without protection. The exposed conversations reportedly included sensitive material that users had shared with the chatbot, spanning discussions of mental health, personal crises, and other private topics. Because the data sat in an open database, anyone who located it could have read the contents.
Codeway, the Turkish developer behind Chat & Ask AI, faced allegations of harm to users whose private conversations were left vulnerable. The incident drew attention from privacy advocates who noted that conversational AI apps collect unusually intimate data, since users often treat chatbots as confidential sounding boards.
The case fits a broader pattern of AI applications exposing user data through basic infrastructure errors. Separate incidents during the same period included an unprotected server linked to Vyro AI that leaked user logs in real time, and a demonstrated breach of an internal enterprise AI platform. Security researchers have pointed to misconfigured cloud databases as a recurring weak point, noting that the volume of personal data flowing into AI chat tools raises the stakes when access controls fail. The developer's response and any regulatory follow-up will determine the longer-term consequences of the exposure.
Source: Malwarebytes - https://www.malwarebytes.com/blog/news/2026/02/ai-chat-app-leak-exposes-300-million-messages-tied-to-25-million-users