AI Chat App Data Leak Exposes 300 Million Messages Linked to 25 Million Users

A newly discovered data exposure involving a popular AI chatbot app has once again raised alarms about the security and privacy of millions of users’ conversations. A security researcher has uncovered an unsecured database tied to Chat & Ask AI, a widely used mobile application that integrates multiple large-language models — including OpenAI’s ChatGPT, Google’s Gemini, and Anthropic’s Claude — into one interface.

A Breach Fueled by a Misconfiguration

According to the researcher, who goes by the name Harry, a backend database used by the Chat & Ask AI app was improperly configured and left publicly accessible. This misconfiguration, common among developers using cloud services like Google’s Firebase, meant that anyone with the correct project URL could access the stored data without a password or authentication.

As a result, Harry says he was able to browse through roughly 300 million chat messages associated with more than 25 million users of the app. These weren’t just generic queries — the exposed contents reportedly included deeply personal conversations, such as users discussing illegal activities and even requesting advice on suicide.

What Was at Risk?

The exposed database contained a large variety of user information, including:

  • Full chat histories users had shared with the AI.
  • Details about which model each user interacted with.
  • Settings and preferences stored by the app.
  • Related data from other apps developed by the same company, Codeway.

This kind of breach highlights how dangerous a simple misconfiguration can be when powerful technologies like AI chatbots are involved. Chatbots often collect and process huge volumes of conversational data — and if that data isn’t secured properly, it can become a treasure trove for anyone who stumbles upon it.

How Did This Happen? Firebase Missteps

The root cause of the leak traces back to a Firebase backend that was left wide open. Firebase is a popular cloud platform used by developers to build and host apps, manage databases, and store user files. If its Security Rules are incorrect, for example set to “public”, they can grant anyone on the internet access to read, alter, or delete data.
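As an added illustration (not code from the article, the researcher, or Codeway), the sketch below shows how a developer could lint their own rules file for the kind of open access described above. It assumes the Firebase Realtime Database rules JSON format, since the article does not say which Firebase database the app used. The sample rules, the paths in them, and the function names are constructed for this example.

```python
import json

# Constructed sample rules file, not taken from the incident.
SAMPLE_RULES = """
{"rules": {
  "chats": {
    ".read": true,
    "$uid": {".write": "auth != null && auth.uid === $uid"}
  },
  "settings": {
    "$uid": {".read": "auth.uid === $uid", ".write": "auth.uid === $uid"}
  },
  "models": {".read": "true", ".write": "auth != null"}
}}
"""

# Expressions that admit every signed-in account, including anonymous ones.
ANY_USER = {"auth!=null", "auth!==null", "auth.uid!=null", "auth.uid!==null"}

def classify(value):
    """Return a severity label for one .read/.write rule, or None if it looks scoped."""
    expr = str(value).replace(" ", "").lower()
    if expr == "false":
        return None
    if expr == "true":
        return "public"              # no credentials needed at all
    if "auth" not in expr:
        return "no-auth-check"       # e.g. a time-limited test rule
    if expr in ANY_USER:
        return "any-signed-in-user"  # not tied to the owner of the data
    return None

def find_open_rules(rules_text):
    """Walk the rules tree and list (path, operation, severity) findings."""
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                severity = classify(value)
                if severity:
                    # A grant at a parent path applies to every child beneath it.
                    findings.append((path or "/", key, severity))
            elif isinstance(value, dict):
                walk(value, f"{path}/{key}")

    walk(json.loads(rules_text)["rules"], "")
    return findings

if __name__ == "__main__":
    for finding in find_open_rules(SAMPLE_RULES):
        print(finding)
```

A check like this only reads rule expressions textually, so a clean result is a first pass rather than proof that access is correctly scoped.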

Security researchers say this type of configuration error is both common and preventable. In fact, Harry has developed a scanning tool that searches the Google Play and Apple App Store ecosystems for this exact vulnerability. Of the roughly 200 iOS apps he scanned, 103 showed similar issues, collectively exposing tens of millions of files.

Developer Response and Responsible Disclosure

Once notified of the issue, Codeway reportedly fixed the misconfiguration across all of its apps within hours, after which they were removed from Harry’s public registry of vulnerable applications. Harry’s project removes entries from this list as developers confirm fixes, providing a visual way to track which apps still have open vulnerabilities.

Protecting Yourself When Using AI Chat Apps

With AI tools becoming more common for personal and professional use, this incident is a stark reminder of how much personal data we share — often without considering where it’s stored or how it’s protected. Experts recommend the following safety tips:

  • Avoid sharing highly sensitive information in AI chats.
  • Use chat services that explicitly state they do not store or train on your data.
  • Wherever possible, use services with strong encryption and privacy protections.
  • Be cautious about linking conversational data to real identities or accounts.

As AI continues to shape how we communicate online, ensuring that companies implement proper security safeguards will be critical to preventing future leaks like this one.