A data leak in the Android app "Video AI Art Generator & Maker" exposed millions of private user files due to a misconfigured Google Cloud Storage bucket. The app, developed by Codeway Dijital Hizmetler Anonim Sirketi, a Turkish company, had been available since June 2023.
Extent of the Exposure
The open storage bucket contained approximately 8.27 million media files. This included nearly 2 million original private uploads, comprising around 1.57 million images and over 385,000 videos. Additionally, the bucket held about 2.87 million AI-generated videos, 2.87 million images, and over 386,000 audio files.
Security and Legal Concerns
Although the developers have since secured the bucket, users remain at risk. Legal experts suggest that the app's privacy notice, which states that shared information "cannot be regarded as 100% secure," may not meet standards such as the EU GDPR. Affected users face potential threats like targeted phishing, identity theft, and misuse of private videos for deepfakes.
Recommendations for Users
Security researchers recommend that users audit app permissions and avoid uploading highly personal or identifying content to cloud-based AI tools lacking end-to-end encryption. This incident follows a previous exposure involving another Codeway app, Chat & Ask AI, which reportedly leaked about 300 million messages from over 25 million users.
