• FlirtAI wingman app leaked 160K chat screenshots through unprotected cloud storage.
• Teenagers frequently used the app, making the breach more concerning for minors.
• Some individuals were likely unaware their conversations were screenshot and sent to third parties.

Sending private screenshots to an AI-based “wingman” app is probably not the best idea. Who would have thought? Unfortunately, users of FlirtAI - Get Rizz & Dates will have to find out the hard way.

The Cybernews research team recently discovered an unprotected Google Cloud Storage Bucket owned by Buddy Network GmbH, an iOS app developer.

The exposed data was attributed to one of the company’s projects, FlirtAI - Get Rizz & Dates, an app that intends to analyze screenshots that users provide, promising to suggest appropriate replies.
Meanwhile, the app makers leaked over 160K screenshots from messaging apps and dating profiles, belonging to individuals that users of the AI wingman wanted assistance with.

What makes it worse is that, according to the team, leaked data indicates that FlirtAI - Get Rizz & Dates was often used by teenagers, who fed the AI screenshots of their conversations with their peers.

“Due to the nature of the app, people most affected by the leak may be unaware that screenshots of their conversations even exist, let alone that they could be leaked on the internet,” the team said.

After the team noted the company and the relevant Computer Emergency Response Team (CERT), Buddy Network GmbH closed the exposed bucket. We have reached out to the company for a comment and will update the article once we receive a reply.

Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online.

Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege, and the new Avatar: Frontiers of Pandora.

Ubisoft told BleepingComputer that they are investigating an alleged data security incident after security research collective VX-Underground shared screenshots of what appears to be the company's internal services.

Besides the Samsung Exynos modem issue, Android 13 QPR2 with the March 2023 security update fixes a vulnerability with the Pixel’s Markup screenshot tool.

Dubbed “aCropalypse,” Simon Aarons identified and reported this vulnerability (CVE-2023-21036) to Google in early January, with the initial proof-of-concept exploit developed by David Buchanan:

Screenshots cropped using the built-in “Markup” app on Google Pixel devices may be retroactively un-cropped and un-redacted under many circumstances.