A significant privacy breach has emerged involving a widely-used Android AI application, exposing millions of private user files to public access. Researchers from Cybernews have identified a critical misconfiguration in the “Video AI Art Generator & Maker,” an app designed to creatively transform media using artificial intelligence. This incident underscores the escalating privacy concerns that accompany the rapid proliferation of AI-driven creative tools.
Security Flaw Unveiled
The security vulnerability stemmed from a misconfigured Google Cloud Storage bucket, which was devoid of any authentication measures. As a result, every piece of media uploaded to the app since its inception in June 2023 became publicly accessible. The exposed bucket harbored an astonishing 8.27 million media files, creating a vast digital footprint of sensitive user information.
Millions of Private Memories at Risk
This breach is particularly alarming due to the involvement of nearly 2 million original files uploaded by users from their personal devices. The leak encompasses over 1.57 million private images and more than 385,000 personal videos. Additionally, the database revealed millions of AI-generated assets, including 2.87 million generated videos, 2.87 million images, and over 386,000 audio files.
Developed by Codeway Dijital Hizmetler Anonim Sirketi, a company based in Turkey, the app’s developers have since rectified the bucket’s configuration. However, the exposure continues to impact all users who utilized the application to generate AI art over the past several years.
Legal Implications and User Risks
The scale of this leak is further complicated by the app’s privacy documentation, which explicitly states that shared information “cannot be regarded as 100% secure” and may be vulnerable to unauthorized access. Legal experts indicate that such disclaimers may not meet stringent international privacy standards, such as Europe’s General Data Protection Regulation (GDPR), which requires companies to ensure “material and verifiable” security for user data.
Affected users now face heightened risks, including targeted phishing attacks, identity theft, and the potential misuse of private videos for malicious “deepfake” content. Security researchers recommend that users of AI editing tools conduct regular audits of their app permissions and exercise caution when uploading highly personal or identifiable content to cloud-based platforms lacking end-to-end encryption.
This incident is not the first of its kind for Codeway. Reports indicate that another app developed by the company, Chat & Ask AI, also suffered from a misconfigured backend utilizing Google Firebase. An independent security researcher reportedly accessed approximately 300 million messages linked to over 25 million users.
For more information, see the full report: Cybernews Report
For the latest tech stories, visit TechDigest.tv
