Firebase Misconfiguration Exposes 300M Messages From Chat & Ask AI Users

A technical mistake in the popular Chat & Ask AI app has left 300 million private messages from 25 million users exposed online. Discover what happened and how you can protect your personal data when using AI chatbots...

AI chat app leak exposes 300 million messages tied to 25 million users

An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an...

CVE-2024-45489

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...

PT-2024-6951

Name of the Vulnerable Software and Affected Versions: Arc versions prior to 2024-08-26 Description: Arc browser, before version 2024-08-26, contains a remote code execution issue within JavaScript boosts. Normally, JavaScript boosts cannot be shared; however, misconfigured Firebase Access Contro...