FlirtAI, a popular AI dating wingman, leaked more than 160,000 screenshots of users’ private chats. The leak occurred through an open Google Cloud Storage bucket that anyone could access. The most vulnerable were teenagers, who used the app en masse without realizing that their correspondence could become publicly available.

FlirtAI is an app that promises to “improve your flirting skills.” The user is asked to take a screenshot of a chat or profile, upload it to the app, and receive 5 possible answers from artificial intelligence. It was these screenshots that ended up in an open Google Cloud Storage bucket without any protection.
The researchers discovered the leak and notified the developer, Buddy Network GmbH, and CERT. After some time, the leak was closed, but the data was already available on the Internet. Some of the screenshots contained personal information of people who didn’t even use FlirtAI – their data got there without consent, simply because other users took screenshots of them.
FlirtAI has a 17+ rating in the App Store due to hints of adult content and vulgarity. However, it was teenagers who became the main audience: they are the ones who use dating apps most often and think the least about security.
The worst thing is that the people whose data was leaked probably didn’t even know that screenshots featuring them existed. The screenshots often show names, photos, and the context of the chat – this is enough to identify the person. In the App Store, FlirtAI warns that you can only upload those screenshots for which you have received consent from other chat participants. But this is completely unrealistic: none of the teenagers will ask permission before uploading.
Buddy Network GmbH also owns two other apps, one of which features an artificial “angel” as the interlocutor, and the other an AI diary. All of these apps could contain sensitive personal data if not properly protected.