As AI-powered apps gain rapid adoption, a serious data security lapse has raised fresh concerns. Reports indicate that 2 applications available on the Google Play Store allegedly exposed personal data belonging to millions of smartphone users across multiple countries.
The exposed data reportedly included photos, videos, AI-generated files, and sensitive Know Your Customer documents. The apps were said to be used in nearly 25 countries, including the United States, highlighting the global scale of the incident.
The main app identified is Video AI Art Generator & Maker. The application had crossed 500,000 downloads and received thousands of reviews. Investigators claim that more than 1.5 million user images, over 385,000 videos, and a large volume of AI-generated files linked to the app were accessible without proper authorization.
Cybersecurity researchers revealed that since its launch on June 13, 2023, the app had stored around 8.27 million files on its servers. More than 12 TB of this data was reportedly left publicly accessible. The exposure was not the result of a hacking attack but was caused by a misconfigured cloud storage setup.
Findings suggest that a Google Cloud Storage bucket connected to the app was not properly secured, allowing files to be viewed and downloaded without authentication. Experts warned that such lapses pose serious risks, especially when personal and private content is involved. Following the disclosure, the app is reportedly no longer available on the Play Store.
A second app, IDMerit, has also come under scrutiny. It is alleged to be linked to the same developer and is said to have exposed documents commonly used for KYC verification.
KYC data typically includes identity proofs, address documents, phone numbers, and other personal details. Security experts cautioned that exposure of such information could lead to identity theft, financial fraud, and the creation of fake accounts.
The data leak is believed to have affected users in nearly 25 countries, including the United States, Germany, France, China, and Brazil. Since the apps were available globally, users from multiple regions may have been impacted.
Experts noted that while AI-based applications are growing quickly, not all developers follow strict cybersecurity standards. This gap increases the risk of data misuse if safeguards are weak.
Users are advised to check developer details before installing apps, limit permissions, review privacy policies carefully, and regularly monitor digital and banking activity for unusual behavior. The incident underscores the need for stronger data protection as AI adoption continues to rise.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
