300 Million AI Chats Spilled Because One App Left a Firebase Checkbox Set to "Public"

🚨 One App Left the Door Unlocked and 300 Million of Your Secret AI Chats Fell Out

A single checkbox set to “public” and boom — every 2am confession 25 million people typed into a chatbot was just… sitting there for anyone with a link.

300,000,000 private messages. 25 million people. Zero passwords needed. And the same bug was hiding in 103 of the 200 apps the researcher checked.

An app called Chat & Ask AI — made by a Turkish company called Codeway — left its whole storage room wide open. A researcher just walked in.


Okay so. You know how you talk to those little AI chatbot apps like they’re your therapist, your lawyer, your weird 3am friend who won’t judge you? Yeah. About that.

An app called Chat & Ask AI — it’s basically a fancy front door that repackages ChatGPT, Gemini, and Claude into one shiny phone app — left its entire back room UNLOCKED. Not hacked. Not cracked. Just… open. Anybody with the right web link could read, change, or delete everything. I mean. WHAT.

And “everything” here means roughly 300 million private messages from 25 million people. Suicide help requests. Confessions about illegal stuff. The kind of things you’d whisper, not shout. All of it just chilling in an open drawer. You’re not ready for how dumb the cause is.

🧩 Dumb Mode Dictionary (read this first, everything else clicks)

| The scary word | What it actually means |
|---|---|
| Firebase | Google’s ready-made “back room” where apps stash your data. Super popular because it’s easy. |
| Security Rules | The lock on that back room. You set who’s allowed in. |
| Set to “public” | The lock was left in the OFF position. Anyone with the address strolls right in. No key. |
| Wrapper app | An app that doesn’t build its own AI — it just wraps a nicer skin around ChatGPT/Claude and charges you. |
| Misconfiguration | Fancy word for “somebody clicked the wrong setting and nobody checked.” |
| Responsible disclosure | Finding the open door, NOT stealing anything, and quietly telling the owner so they fix it. Often paid. |

📖 How the hell did this happen?

  • Back in January 2026, a security researcher who goes by “Harry” was poking at phone apps to see which ones were sloppy.
  • He found Chat & Ask AI’s storage was set to public — the digital equivalent of a bank leaving the vault door propped open with a shoe.
  • No password. No login. Just type the address, and 300 million messages say hi. Fox News has the writeup here.
  • He didn’t grab it all (good guy). He sampled ~60,000 users and 1 million+ messages just to prove the size, then reported it on January 20, 2026.
  • Codeway, to their credit, slammed the door shut within hours. But here’s the gut-punch: nobody knows how long it was open BEFORE Harry showed up.

🔥 The part that should actually scare you

This isn’t one dumb app. This is a PATTERN.

Harry didn’t just check one app. He scanned 200 iPhone apps — and 103 of them had the exact same open-door bug. That’s more than HALF. Collectively leaking tens of millions of files. (Hackread breaks it down.)

So when you download some random AI app with a cute icon and 2 million downloads? There’s a real chance its back room is unlocked too. The “AI gold rush” means thousands of tiny teams shipping apps fast and skipping the boring security checkbox. Speed over locks. Every. Single. Time.

📊 The receipts (numbers that don't lie)

| Thing | Number |
|---|---|
| Private messages exposed | ~300 million |
| People affected | 25 million+ |
| Password needed to see it all | 0️⃣ |
| Apps Harry scanned | 200 |
| Apps with the SAME open door | 103 |
| Time Codeway took to fix it | A few hours |
| Time it may have been open before | 🤷 nobody knows |

💬 What the timeline's saying

  • Security folks are basically screaming “we told you so” — Firebase’s own docs literally warn you not to do this.
  • Regular people are realizing the “private” AI chat was never private. It was a diary with the cover ripped off.
  • The spicy take going around: a wrapper app doesn’t even NEED to store your messages to work — so why was it hoarding 300 million of them in the first place? Good question, huh.

Cool. So Half the AI Apps Are Basically Unlocked Sheds… Now What the Hell Do We Do? (⊙_⊙)


Here’s the thing nobody’s saying out loud: if HALF the apps out there are leaving the door open, then finding open doors — legally, and telling the owner — is a genuine skill people pay for right now. The gold rush made a mess. Cleaning the mess is the business. Let’s get into it.

🕳️ The Open-Door Knocker

Companies pay real cash to people who find their unlocked doors FIRST — before a bad guy does. It’s called a bug bounty, and Firebase misconfigs are the easy-mode version because you don’t break anything; you just notice the lock is off.

Learn what a wide-open Firebase database looks like (tons of free writeups exist), only test apps whose owners run a bug bounty or disclosure program that allows it, and report through official channels like HackerOne or the company’s security email. You report — you don’t download people’s data. That line matters.

🧠 Example: A 22-year-old self-taught coder in Lagos, Nigeria spends weekends checking small AI apps for the exact “public Firebase” flaw from this story, files clean reports through HackerOne, and lands a $1,500 bounty on his third real find. Not life-changing yet — but it’s a paid skill that compounds.

📈 Timeline: First legit report in 2–3 weeks of learning. Real payouts by month 2–3. Cools off as companies wise up — so bank your reputation early.

🔍 The App Autopsy Service

Thousands of “wrapper” apps launched this year. Almost nobody checks if they’re safe before downloading. Be the person who checks.

Pick a niche (AI chat apps, kids’ apps, dating apps — whatever), test how they store data, and publish a simple “Safe / Sketchy” scorecard. People trust a reviewer who actually opens the hood, not one who just counts stars. Small devs will even PAY you to audit them before launch so they don’t become the next headline.

🧠 Example: A 24-year-old comp-sci grad in Manila runs a plain Notion page ranking 40 popular AI apps by “does it leak your chats.” It goes semi-viral on Reddit, and three indie devs DM her to audit their app pre-launch at $200 a pop.

📈 Timeline: First scorecard live in a weekend. Paid audit requests within a month if you’re loud about it. Stays useful as long as new apps keep shipping (forever, basically).

🛡️ Sell the Locks, Not the Gold

Everyone’s hyped about building AI apps. Nobody wants to learn the boring security setup. That gap? That’s the shovel store in a gold rush.

Build a dead-simple “secure your app’s back room in 10 minutes” kit — copy-paste Firebase Security Rules templates, a checklist, a quick video. Sell it to the flood of solo devs who’d rather pay $19 than read Google docs. You’re not building the next big app — you’re selling pickaxes to everyone who is.
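Here is what the “public” setting from the dictionary above actually looks like, next to the kind of locked-down template this kit would ship. This is an added example, not Codeway’s rules and not taken from any of the linked writeups. The data layout (each user’s chats under /users/{userId}/chats/{chatId} with a text field, attachments under /users/{userId}/ in Storage) and the field names are assumptions for illustration.

```firestore
// ---------- firestore.rules, the "public" version ----------
// Firebase's console offers a "test mode" that generates a rule like the one
// below with a 30-day expiry date. Remove the date check, or push it far into
// the future, and the whole database is a public read/write bucket.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if true;   // anyone with the project URL, no sign-in
    }
  }
}

// ---------- firestore.rules, locked down ----------
// Assumed layout: /users/{userId}/chats/{chatId} holds one message document
// with a "text" string and a "createdAt" timestamp.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Reusable checks
    function signedIn() {
      return request.auth != null;
    }
    function isOwner(userId) {
      return signedIn() && request.auth.uid == userId;
    }
    // Only the fields we expect, with a sane size cap on the message body,
    // so a client can't stuff arbitrary data into the document.
    function validChat() {
      return request.resource.data.keys().hasOnly(['text', 'createdAt'])
          && request.resource.data.text is string
          && request.resource.data.text.size() <= 4000
          && request.resource.data.createdAt is timestamp;
    }

    // A user can see and manage their own chats and nobody else's.
    match /users/{userId}/chats/{chatId} {
      allow read:   if isOwner(userId);
      allow create: if isOwner(userId) && validChat();
      allow update: if isOwner(userId) && validChat();
      allow delete: if isOwner(userId);
    }

    // Everything else is unreachable. Firestore already denies paths no rule
    // matches, but an explicit catch-all makes the intent obvious to the next
    // person who edits this file.
    match /{document=**} {
      allow read, write: if false;
    }
  }
}

// ---------- storage.rules, same idea for uploaded files ----------
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    // Each user's files live under their own uid; no cross-user access.
    match /users/{userId}/{allPaths=**} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
  }
}
```

Two things worth remembering when you hand someone a template like this: Firestore rules are permissive-OR (if any matching rule allows a request, it goes through), so the catch-all deny does not override the owner rule, and a stray `allow read, write: if true` anywhere in the file reopens everything. And rules only guard the database endpoint itself; they do nothing for data the app also exposes through its own backend or an unauthenticated cloud function. Push the files with `firebase deploy --only firestore:rules` (and `--only storage` for the bucket), and exercise them in the Firebase Emulator Suite before shipping.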

🧠 Example: A 26-year-old freelancer in Kraków, Poland packages 8 ready-to-paste Firebase lock templates + a checklist on Gumroad for $15. Posts it in three indie-dev Discords. 60 sales the first month because it saves people from becoming this exact news story.

📈 Timeline: Product built in a few days. Steady trickle of sales as long as Firebase is popular. Refresh templates when Google changes stuff.

📡 The 'Am I In It?' Alert Guy

When a leak like this drops, millions of people panic-Google “was I affected?” and find… nothing useful. That’s a hole you can fill.

Have I Been Pwned covers passwords — but nobody’s making it dead-simple for the AI-app leak crowd specifically. Build a plain email list where people get a heads-up when an AI chat app they use gets caught leaking, plus the one-step “delete your data” instructions. Trust first, money later (affiliate deals with VPNs/password managers come naturally once you have the audience).

🧠 Example: A 23-year-old in São Paulo, Brazil starts a free “AI App Leak Watch” newsletter, manually posting each new breach with plain-English “here’s what to do” steps. Hits 4,000 subscribers in two months purely off worried people sharing it.

📈 Timeline: List started same day. Audience snowballs with every new breach headline (and trust me, they’re not stopping). Money comes at ~5k+ subscribers.

🎣 The Pre-Launch Panic Middleman

Small dev teams SEE this story, get scared their app has the same hole, but have no clue who to call. Be the calm person who answers.

Offer a flat-fee “we’ll check your app for the 5 dumbest, most common leaks before you launch” service. You’re not a l33t hacker — you’re the friend who double-checks the stove is off before the trip. That peace of mind sells, especially to non-technical founders who paid someone on Fiverr to build their app and have no idea if it’s safe.

🧠 Example: A 25-year-old bootcamp grad in Nairobi offers a “$120 pre-launch leak check” on Twitter/X targeting #buildinpublic founders. Two clients the first week, both terrified after reading about Codeway. Word of mouth does the rest.

📈 Timeline: First client within days of posting. Repeat business as founders refer each other. Scales into a small agency if you stay reliable.

🛠️ Follow-Up Actions

| If you want to… | Do this |
|---|---|
| Learn the exact bug | Read the Firebase Security Rules docs |
| Get paid to find open doors | Sign up at HackerOne |
| Check if you’re leaked | Run your email through Have I Been Pwned |
| Sell your security kit | Set up a Gumroad page |
| Read the full breach story | Malwarebytes writeup |

⚡ Quick Hits

| You want… | Do this right now |
|---|---|
| 🔒 To stop leaking | Delete old AI chat apps you don’t use — their back rooms may still be open |
| 🧹 To clean up | Go into your AI apps and delete your chat history where you can |
| 💰 To cash in | Learn Firebase misconfigs, report legally via HackerOne |
| 📬 To stay safe | Check Have I Been Pwned monthly |
| 🧠 To think smarter | Assume every “private” AI chat is one bad checkbox away from public |

You didn’t get hacked. Somebody just forgot to lock the door — and 300 million secrets walked out on their own.
