A massive data leak at Vyro AI has exposed 116GB of private information from popular apps like ImagineArt, Chatly, and Chatbotx. Discovered by security experts at Cybernews, this breach could allow hackers to hijack user accounts and access private conversations. The Pakistan-based company’s unprotected database left millions of users vulnerable, spilling sensitive AI prompts, authentication tokens, and other user details onto the open web for months.
What Data Was Exposed in the Vyro AI Leak?
Security researchers uncovered a huge security failure involving an unprotected database belonging to Vyro AI. This leak exposed a massive 116GB of user data from three of the company’s most popular AI applications: ImagineArt, Chatly, and Chatbotx.
The exposed information is highly sensitive and includes user-entered AI prompts, bearer authentication tokens, and user agents. These bearer tokens are like digital keys that can grant anyone full access to a user’s account. The database was first detected by IoT search engines in February, suggesting that this critical data may have been accessible to bad actors for a long period.
With over 150 million total downloads across its apps, Vyro AI has a massive user base. The popularity of these tools now makes the scale of this data breach a significant threat to a large number of people worldwide.
The Dangers Facing Millions of App Users
The most immediate threat to users is account takeover. Cybercriminals can use the leaked bearer tokens to log into user accounts without needing a password. Once inside, they could view complete chat histories, see all images generated with the AI, and even use the account to purchase AI credits for their own malicious purposes.
This breach shatters the illusion of privacy many people have when interacting with AI chatbots. The leaked logs contained enough information to track user habits and extract personal secrets shared with the AI models.
- Account Hijacking: Attackers can lock users out of their accounts and steal personal data.
- Exposure of Secrets: Sensitive business ideas, health concerns, or financial details shared in prompts are now at risk.
- Fraudulent Activity: Stolen accounts could be used to rack up charges or for other illegal activities.
A related study by Harmonic Security found that this is a widespread problem. Their analysis showed that in over 20,000 files sent to AI tools, 22% contained sensitive data like source code or customer records, highlighting how often people overshare with AI.
How You Can Protect Your Account and Data
If you have used ImagineArt, Chatly, or Chatbotx, it is crucial to take action immediately to protect your information. The first step is to change your password for any associated accounts. You should also carefully monitor your accounts for any unusual activity, such as logins from unfamiliar locations or unexpected purchases.
Whenever possible, enable two-factor authentication. This adds a critical second layer of security that can prevent a hacker from accessing your account even if they have your login credentials. More broadly, it’s important to change how you interact with AI tools. Treat every AI chat as if it were a public forum, not a private conversation.
This table provides a quick guide to securing your digital life after a breach.
| Action to Take | Why It Is Important |
| Update Passwords | Immediately blocks access using old, potentially compromised credentials. |
| Monitor Account Activity | Helps you spot and report unauthorized logins or actions quickly. |
| Use Secure AI Alternatives | Keeps sensitive data within a controlled environment, like a self-hosted model. |
| Educate Yourself on Risks | Prevents you from making the same mistakes and sharing private data in the future. |
A Wake-up Call for the AI Industry
The Vyro AI breach highlights a growing problem in the tech world: companies are rushing to develop and release AI tools without making security a top priority. In the race to innovate, fundamental safeguards like securing databases are often overlooked, leaving millions of users exposed.
Organizations and their employees are increasingly feeding sensitive corporate data into public AI systems without fully understanding the risks. As Aras Nazarovas, a security researcher at Cybernews, noted, most users don’t realize their conversations could become public. This incident serves as a stark reminder that convenience should never come at the cost of privacy and security. It signals a need for both developers to build more secure products and for users to be more cautious about the data they share.
