- ‘Flirtai’ disclosed user data in an unprotected storage bucket
- The user base of the application seems to have been mainly adolescents
- Exposed chats could have a devastating effect on the victims
It is difficult to imagine a more embarrassing scenario than having your own private chats exposed online, except perhaps being caught sending those messages to an AI application for analysis.
Researchers at Cybernews discovered a breach at “Flirtai – Get Rizz & Dates” (yes, that’s what it is called) that has exposed more than 160,000 conversation screenshots from users via an unprotected cloud storage bucket.
Users of the application upload screenshots of their private conversations to get tailor-made responses to help them flirt or degenerate the conversation.
More than just embarrassing
Unsurprisingly, but nonetheless worryingly, this application seems to have been used mainly by adolescents.
Because of how the application works, those most at risk are not the people who submitted the conversations but the people they were talking to: probably other teenagers who do not know that their conversation has been exposed, and who are probably unaware that this application even exists.
Although we have seen more dangerous personal data, such as SSNs and financial information, exposed by other AI chatbots, the nature of this chatbot and its user base means a different kind of harm.
As an adult, I do not know how well I would cope with having my private chats exposed online, so for an already vulnerable adolescent, it could be devastating.
“The fact that adolescents have used this application can increase the severity of a potential data violation, as data from minors is considered more sensitive and could be subject to larger restrictions on potential data uses and collection and processing practices,” confirmed Cybernews researchers.
The application indicates that users are “authorized to download a screenshot when you have obtained the necessary approvals for all users / humans and their information mentioned in the screenshot”.
But since that would defeat the point of the chatbot, it seems quite unlikely that this requirement will be followed.
People exposed in this breach could be at increased risk of social engineering attacks such as phishing or, since the application encourages users to share the dating profile of their target, of identity theft.