AI apps on the Google Play store have exposed billions of user records due to security lapses, cybersecurity experts reveal. The breaches affected apps marketed for identity verification and media editing, posing significant risks to personal data.
Major Data Breaches
A recent investigation by Cybernews uncovered that the Android app "Video AI Art Generator & Maker" leaked 1.5 million user images, over 385,000 videos, and millions of AI-generated media files. This breach was due to a misconfigured Google Cloud Storage bucket, resulting in over 12 terabytes of exposed media. The app had approximately 500,000 downloads.
Similarly, the app IDMerit exposed sensitive know-your-customer data and personally identifiable information from users in 25 countries. This included full names, addresses, birthdates, IDs, and contact information, totaling about 1 terabyte of data.
Security Concerns and Resolutions
Both app developers addressed the vulnerabilities after being notified by researchers. However, cybersecurity experts warn that such incidents highlight a broader issue of lax security practices, including hardcoded secrets, which put users at risk.
Cybernews reported that 72 percent of hundreds of Google Play apps analyzed had similar security vulnerabilities, indicating a widespread problem that needs urgent attention.
