Vyro AI, the developer behind apps like ImagineArt (10M+ downloads), Chatly (100K+ downloads), and Chatbotx (50K monthly visits), exposed an unprotected Elasticsearch instance containing 116GB of real-time user logs from its production and development environments. The breach, indexed by IoT search engines since mid-February, left sensitive data accessible for months, including:
- AI prompts (user inputs to the chatbots),
- Bearer authentication tokens (enabling account hijacking, session access, and fraudulent purchases),
- User agents (device/OS identifiers, allowing user tracking).

Attackers could exploit this to take over accounts, access chat histories and generated images, and commit fraud via AI credit systems. The exposure stemmed from a lack of passwords, authentication, or network restrictions, highlighting systemic neglect of security in favor of rapid product deployment. The incident aligns with broader trends of AI-driven breaches caused by architectural flaws and the prioritization of growth over privacy.
Source: https://www.malwarebytes.com/blog/news/2025/09/when-ai-chatbots-leak-and-how-it-happens
TPRM report: https://www.rankiteo.com/company/vyro-ai
"id": "vyr3392633091125",
"linkid": "vyro-ai",
"type": "Breach",
"date": "2/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '10M+ (ImagineArt) + 100K+ '
'(Chatly) + 50K (Chatbotx '
'monthly visits)',
'industry': ['AI',
'Generative AI',
'Mobile Apps',
'Web Applications'],
'name': 'Vyro AI',
'type': 'Private Company'}],
'attack_vector': ['Unsecured Database',
'Lack of Authentication',
'IoT Search Engine Indexing'],
'data_breach': {'data_encryption': ['None (Database Was Unprotected)'],
'data_exfiltration': ['Potential (No Confirmation of Theft)'],
'file_types_exposed': ['Log Files', 'JSON/HTTP Headers'],
'personally_identifiable_information': ['Indirect (via User '
'Agent Strings, '
'Tokens)'],
'sensitivity_of_data': ['High (Account Hijacking Risk)',
'Medium (Behavioral/Usage Data)'],
'type_of_data_compromised': ['User-Generated AI Prompts',
'Authentication Tokens',
'User Agent Strings',
'Log Data']},
'date_detected': '2025-02-15',
'date_publicly_disclosed': '2025-09-10',
'description': 'Vyro AI, a company behind AI apps like ImagineArt (10M+ '
'downloads), Chatly (100K+ downloads), and Chatbotx (50K '
'monthly visits), left an Elasticsearch instance unprotected '
'without passwords, authentication, or network restrictions. '
'The exposed database contained 116GB of real-time user logs '
'from production and development environments, including AI '
'prompts, bearer authentication tokens, and user agent '
'strings. The database was indexed by IoT search engines in '
'mid-February 2025, leaving it vulnerable for months. '
'Attackers could have hijacked accounts, accessed chat '
'histories, or made fraudulent AI credit purchases.',
'impact': {'brand_reputation_impact': ['Negative Media Coverage',
'Loss of User Trust'],
'data_compromised': ['AI Prompts',
'Bearer Authentication Tokens',
'User Agent Strings',
'Chat Histories',
'Generated Images'],
'identity_theft_risk': ['High (via Bearer Token Hijacking)'],
'legal_liabilities': ['Potential Non-Compliance with AI Act (EU)',
'Potential NIS2 Directive Violations'],
'operational_impact': ['Potential Account Hijacking',
'Unauthorized Access to User Data',
'Fraudulent AI Credit Purchases'],
'payment_information_risk': ['Fraudulent AI Credit Purchases'],
'systems_affected': ['Elasticsearch Instance (Production & '
'Development)',
'ImagineArt App',
'Chatly App',
'Chatbotx Web Platform']},
'initial_access_broker': {'entry_point': ['Unprotected Elasticsearch '
'Instance'],
'high_value_targets': ['Bearer Authentication '
'Tokens',
'User Account Sessions'],
'reconnaissance_period': ['Indexed by IoT Search '
'Engines in Mid-February '
'2025']},
'investigation_status': 'Disclosed by Third-Party Researcher (No Official '
'Company Statement)',
'lessons_learned': ['Rapid AI product development often prioritizes features '
'over security, leading to critical misconfigurations.',
'Unprotected databases (e.g., Elasticsearch) are '
'low-hanging fruit for attackers, especially when indexed '
'by IoT search engines.',
'Bearer tokens in logs create severe account takeover '
'risks if exposed.',
'AI-specific regulations (e.g., EU AI Act, NIS2) are '
'emerging but may not yet cover all high-risk scenarios '
'like misconfigured backends.'],
'motivation': ['Opportunistic Access',
'Potential Account Takeover',
'Data Theft',
'Fraud'],
'post_incident_analysis': {'corrective_actions': ['Secure all database '
'instances with '
'authentication and network '
'restrictions.',
'Conduct a full audit of '
'logged data to remove '
'sensitive information '
'(e.g., tokens).',
'Implement continuous '
'monitoring for exposed '
'assets.',
'Review AI product '
'development pipelines to '
'integrate security earlier '
'in the process.'],
'root_causes': ['Lack of basic security controls '
'(authentication, firewalls) on '
'Elasticsearch instance.',
'Overemphasis on rapid product '
'deployment (AI apps) at the '
'expense of security best '
'practices.',
'Failure to monitor for unintended '
'exposure via IoT search engines.',
'Storing sensitive tokens in logs '
'without protection.']},
'recommendations': ['Implement authentication (e.g., passwords, API keys) and '
'network restrictions (e.g., firewalls) for all database '
'instances.',
'Regularly audit cloud/storage configurations for '
'exposure risks using tools like Shodan or Censys.',
'Avoid logging sensitive data (e.g., bearer tokens) in '
'plaintext; use tokenization or encryption.',
'Monitor IoT search engines for unintended exposure of '
'company assets.',
'Prioritize security in AI product lifecycles, especially '
'for high-growth startups handling user data.',
'Prepare for AI-specific compliance requirements (e.g., '
'EU AI Act, NIS2) by securing model endpoints, APIs, and '
'data pipelines.'],
'references': [{'date_accessed': '2025-09-10',
'source': 'Cybernews',
'url': 'https://cybernews.com/security/vyro-ai-unprotected-elasticsearch-exposes-user-data/'}],
'regulatory_compliance': {'regulations_violated': ['Potential: AI Act (EU)',
'Potential: NIS2 Directive '
'(EU)']},
'response': {'communication_strategy': ['Media Coverage (Cybernews)'],
'third_party_assistance': ['Researcher Disclosure (via '
'Cybernews)']},
'title': 'Vyro AI Unprotected Elasticsearch Instance Exposes 116GB of User '
'Logs',
'type': ['Data Exposure', 'Unauthorized Access', 'Misconfiguration'],
'vulnerability_exploited': ['Misconfigured Elasticsearch Instance',
'Missing Access Controls']}