- ‘Flirtai’ has leaked user data through an unprotected storage bucket
- The user base of the application seems to have been mainly teenagers
- The leaked chats could have a devastating effect on victims
It is difficult to imagine a more embarrassing scenario than having your own private flirtatious chats exposed online, except, perhaps, being caught sending those messages to an AI application for analysis.
Researchers from Cybernews have discovered a breach in “Flirtai – Get Rizz & Dates” (yes, that is really what it is called), which has leaked more than 160,000 chat screenshots of users through an unprotected cloud storage bucket.
Users of this application feed screenshots of their private conversations into it to obtain personalized responses designed to help them flirt or advance the conversation.
More than simply embarrassing
As might be expected, though, this application seems to have been used mainly by adolescents.
Because of how the application works, those mainly at risk are not the users who submitted the chats but the people they were talking to, presumably other adolescents who are unaware that their conversation has leaked and probably do not realize that this application even exists.
While we have seen more dangerous personal data, such as SSNs and financial information, leaked by other AI chatbots, the nature of this chatbot and its user base represents a different type of harm.
As an adult, I am not sure how well I would deal with having my private chats exposed online, so for an already vulnerable teenager this could be devastating.
“The fact that adolescents used this application can increase the seriousness of a possible data breach, as the data of minors is considered more sensitive and could be subject to more restrictions regarding the possible uses of data and the practices of collection and processing,” confirmed Cybernews researchers.
The application states that users “are only allowed to upload a screenshot when they have obtained the necessary approvals of all users/humans and their information mentioned in the screenshot.”
But since this would defeat the point of the chatbot, it seems very unlikely that this rule is followed.
Those exposed in this breach could face a higher risk of social engineering attacks such as phishing and, since the application encourages users to share the dating profile of their target, there could also be a risk of impersonation attacks.