
One Company, Two AI Apps, 300 Million Leaked Messages and 2 Million Exposed Photos

Turkish AI company Codeway left Firebase and Google Cloud Storage wide open, exposing 300 million chat messages from 25 million users and 8.27 million photos and videos across two apps. Over 12 TB of user data leaked.

Turkish AI company Codeway has exposed user data on a staggering scale - not once, but twice. Security researchers discovered that two of the company's popular Android AI apps left massive databases wide open to the internet, leaking 300 million private chat messages from 25 million users and nearly 2 million personal photos and videos through basic cloud misconfigurations that should never have made it past a junior developer's code review.

Who: Codeway Dijital Hizmetler Anonim Sirketi, a Turkish tech firm founded in Istanbul in 2020
App 1: "Chat & Ask AI" - Firebase misconfiguration leaked 300M messages from 25M users, including suicide-related and illegal requests
App 2: "Video AI Art Generator & Maker" - Google Cloud Storage bucket with zero authentication exposed 8.27M files, including 1.57M private photos and 385K personal videos
Total exposure: Over 12 TB of user data across both apps
Root cause: No authentication on cloud storage; Firebase security rules left set to public
Broader finding: 103 out of 200 iOS apps tested had the same Firebase misconfiguration

Leak #1: 300 Million AI Chat Messages

The first leak, discovered by security researcher "Harry", affected Codeway's Chat & Ask AI app - a popular wrapper that gives users a single interface to interact with ChatGPT, Gemini, and Claude. The app has over 50 million downloads across Google Play and the Apple App Store.

The vulnerability was a textbook Firebase misconfiguration: the database's security rules were left set to public, allowing anyone with the project URL to read, modify, or delete data without any authentication. The exposed data included:

  • Complete chat histories with every AI model the user interacted with
  • AI bot names and configuration settings
  • Deeply personal and sensitive requests - including conversations about suicide assistance and unlawful activities

Harry alerted Codeway on January 20, 2026. The company reportedly fixed the issue across all its apps within hours, but the database may have been vulnerable for an extended period before that. Three hundred million messages don't accumulate overnight.

Perhaps most alarming: after discovering the flaw, Harry built a scanning tool and tested 200 other iOS apps. He found that 103 of them - more than half - had the same Firebase misconfiguration, suggesting the problem is systemic across the AI app ecosystem.
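
For teams checking their own projects, the misconfiguration described above can be caught offline by auditing the exported rules file before it is deployed. The following is an added example, not code from the article, the researcher, or Codeway. It assumes the Firebase Realtime Database JSON rules format (the article does not say which Firebase database was involved), and the sample rules are constructed.

```python
import json

# Constructed sample rules (Realtime Database JSON format); not Codeway's file.
SAMPLE_RULES = json.loads("""
{"rules": {
  "chats": {".read": true, ".write": "true",
            "$uid": {".read": "auth != null && auth.uid === $uid"}},
  "bots":  {".read": "auth != null", ".write": false},
  "users": {"$uid": {".read": "auth.uid === $uid", ".write": "auth.uid === $uid"}}
}}
""")

def classify(expr):
    """Return 'public', 'any-signed-in', or None for one rule expression."""
    if expr is True:
        return "public"
    if isinstance(expr, str):
        compact = "".join(expr.split())
        if compact == "true":
            return "public"
        if compact in ("auth!=null", "auth!==null"):
            return "any-signed-in"
    return None

def audit(node, path="/", inherited=None):
    """Walk the tree. Grants cascade downward, so remember where a parent
    already opened access: a stricter child rule there has no effect."""
    inherited = inherited or {}
    current = dict(inherited)
    findings = []
    for op in (".read", ".write"):
        level = classify(node.get(op))
        if level:
            findings.append((path, op, level))
            if level == "public":
                current[op] = path
        elif op in node and op in inherited:
            findings.append((path, op, "ineffective: opened at " + inherited[op]))
    for key, child in node.items():
        if isinstance(child, dict):
            findings += audit(child, path + key + "/", current)
    return findings

def audit_rules(doc):
    """Entry point: takes the parsed rules document, returns all findings."""
    return audit(doc.get("rules", {}))

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

The "ineffective" finding matters in review: a per-user rule under a publicly readable parent looks protective but grants nothing less than the parent already did.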

Leak #2: 8.27 Million Photos and Videos

The second leak, discovered by Cybernews researchers, affected Codeway's Video AI Art Generator & Maker app - an Android tool with 500,000 downloads that generates AI art and video effects from user-uploaded media.

This time the failure was a Google Cloud Storage bucket with zero authentication. Every photo, video, and audio file uploaded to the app since its June 2023 launch was publicly accessible to anyone who knew where to look. The bucket contained:

File type | Count
Private user images | 1.57 million
Personal videos | 385,000+
AI-generated videos | 2.87 million
AI-generated images | 2.87 million
Audio files | 386,000+
Total | 8.27 million files (12+ TB)

The oldest file in the bucket dated back three days before the app's public launch, meaning the storage was never properly configured from day one.

Cybernews reached out to Codeway multiple times before the company eventually secured the bucket. The exposure creates real risks for affected users: researchers noted that leaked personal photos and videos could be used for targeted phishing, identity theft, and deepfake content creation.
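
A bucket owner can test for the condition described in this section by inspecting the bucket's IAM policy for the two public principals, `allUsers` and `allAuthenticatedUsers`. The following is an added example, not code from the article or from Cybernews. The policy and bucket metadata are constructed samples in the JSON shape Cloud Storage returns, and the role table is a subset chosen for illustration.

```python
import json

PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# What each role hands to a public principal (subset of Cloud Storage roles).
ROLE_IMPACT = {
    "roles/storage.objectViewer": "read and list objects",
    "roles/storage.legacyObjectReader": "read objects",
    "roles/storage.legacyBucketReader": "list objects",
    "roles/storage.objectCreator": "upload objects",
    "roles/storage.legacyBucketWriter": "list, create, delete objects",
    "roles/storage.objectAdmin": "full control of objects",
    "roles/storage.admin": "full control of bucket",
}

# Constructed samples; project and bucket details are placeholders.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
  {"role": "roles/storage.objectCreator", "members": ["allAuthenticatedUsers",
      "serviceAccount:uploader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.admin", "members": ["group:platform@example.com"]}
]}
""")
SAMPLE_META = {"iamConfiguration": {"publicAccessPrevention": "inherited",
                                    "uniformBucketLevelAccess": {"enabled": True}}}

def audit_bucket(policy, bucket_meta):
    """Report public bindings and whether bucket settings neutralise them."""
    cfg = bucket_meta.get("iamConfiguration", {})
    pap = cfg.get("publicAccessPrevention") == "enforced"
    ubla = cfg.get("uniformBucketLevelAccess", {}).get("enabled", False)
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC:
                impact = ROLE_IMPACT.get(binding["role"], "unrecognised role, review manually")
                findings.append((member, binding["role"], impact))
    notes = []
    if findings and pap:
        notes.append("public bindings present but blocked by public access prevention")
    if not ubla:
        notes.append("uniform bucket-level access off: object ACLs may also grant public access")
    return {"exposed": bool(findings) and not pap, "findings": findings, "notes": notes}

if __name__ == "__main__":
    print(audit_bucket(SAMPLE_POLICY, SAMPLE_META))
```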

The Pattern: Speed Over Security

The fact that the same company produced two apps with two different cloud misconfigurations - one Firebase, one Google Cloud Storage - points to a systemic security culture failure, not an isolated mistake.

"This data leak also shows how some AI apps prioritize fast product delivery, skipping crucial security features, such as enabling authentication for the critical cloud storage bucket used to store user data," Cybernews researchers wrote.

Codeway's own privacy documentation contained a telling admission: shared information "cannot be regarded as 100% secure" and may face unauthorized access. Privacy researchers have noted this language may conflict with GDPR requirements for demonstrable data security, particularly since the apps are available to European users.

A Systemic Problem Across AI Apps

Codeway's leaks are not isolated incidents. They're part of a broader pattern of AI applications shipping with fundamental security flaws:

  • 103 out of 200 iOS apps tested by researcher Harry had the same Firebase misconfiguration that exposed Chat & Ask AI's data
  • The AI app ecosystem is dominated by small, fast-moving startups racing to ship features without investing in basic infrastructure security
  • Many AI apps function as thin wrappers around frontier model APIs, with the company's only real infrastructure being the cloud storage that holds user data - the very infrastructure they're failing to secure

The combined exposure from Codeway's two apps alone totals over 12 terabytes of user data: intimate conversations with AI chatbots, private photos, personal videos, and AI-generated content that users reasonably expected to remain private.

What Users Should Do

If you've used either "Chat & Ask AI" or "Video AI Art Generator & Maker," assume your data was exposed:

  • Change passwords on any accounts discussed in AI chat conversations
  • Enable MFA on services referenced in your chat history
  • Monitor for phishing - exposed personal data enables highly targeted attacks
  • Check for identity misuse if you uploaded ID photos or personal documents
  • Consider that private videos may have been accessed and could surface in deepfake content

The broader lesson is uncomfortable but necessary: every photo you upload to an AI app, every message you type into an AI chatbot, is only as private as the cloud bucket it's stored in. And as this case demonstrates, that bucket might not have a lock on it at all.


About the author: Senior AI Editor & Investigative Journalist

Elena is a technology journalist with over eight years of experience covering artificial intelligence, machine learning, and the startup ecosystem.