New Delhi: Amid the rapid rise of Artificial Intelligence (AI) tools, a major data breach has come to light. According to reports, two apps available on the Google Play Store allegedly exposed the personal data of millions of smartphone users. The leaked information includes photos, videos, AI-generated files, and even sensitive Know Your Customer (KYC) documents. These apps were reportedly being used across nearly 25 countries, including the United States.
The primary app named in the report is Video AI Art Generator & Maker. The app had been downloaded more than 500,000 times and had received thousands of user reviews. It is alleged that through this app, more than 1.5 million user images, over 385,000 videos, and a large number of AI-generated files were accessible without proper authorization.
Over 12TB of Data Exposed
Cybersecurity researchers revealed that since its launch on June 13, 2023, the app had accumulated approximately 8.27 million files on its servers, of which more than 12 terabytes (TB) of data was publicly accessible. The exposure was not caused by a sophisticated hacking attack but reportedly due to a misconfigured cloud storage system.
According to the findings, a Google Cloud Storage bucket linked to the app was improperly secured. As a result, media files could be accessed and downloaded without authentication. Experts warn that such technical negligence can create massive data security risks, especially when sensitive personal content is involved. Following the disclosure, the app is reportedly no longer visible on the Google Play Store.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Second App Under Scrutiny
The second app mentioned in the report is IDMerit, which allegedly shares the same developer as the first app. Data exposed through IDMerit is said to involve documents typically used for KYC verification processes.
KYC details generally include identity proofs, address documents, phone numbers, and other personal information. These documents are widely used in banking, fintech, and other financial services. Cybersecurity experts caution that if such information falls into the wrong hands, it can lead to identity theft, banking fraud, and the creation of fake accounts.
Impact Across 25 Countries
The data exposure reportedly affected users in nearly 25 countries, including the United States, Germany, France, China, and Brazil. Since the apps were available internationally, user data from multiple regions may have been impacted.
Experts note that AI-powered applications are gaining popularity rapidly, but not all developers strictly adhere to global cybersecurity standards. This makes users more vulnerable to data misuse if proper safeguards are not implemented.
How to Stay Safe
- Always verify the developer profile before installing a new app.
- Check for official verification badges and review authenticity on the app store.
- Limit app permissions, especially access to camera, storage, and files.
- Read the privacy policy carefully before uploading sensitive documents.
- Regularly monitor your bank and digital account activity for suspicious transactions.
While AI tools offer convenience and creative possibilities, ignoring data security can prove costly. The incident serves as a reminder that as technology advances rapidly, cybersecurity vigilance must keep pace.
