PrivacyCritical

AI Companion App Muah.ai Breached, Exposing Intimate Chat Prompts and Emails

Muah.ai

What Happened

The AI girlfriend service Muah.ai was hacked, spilling a database that tied user email addresses (many with real names) to their chatbot prompts and AI image prompts. Many prompts were sexually explicit, and disturbingly some described child sexual abuse scenarios. The attacker characterized the platform's backend as loosely assembled open-source projects requiring little sophistication to breach.

Impact

Around 1.9 million email addresses were exposed alongside deeply sensitive personal prompts, creating severe privacy, blackmail, and legal exposure for users. Reporting indicated the leaked data was subsequently used in active extortion attempts.

How to Prevent This

  • Encrypt sensitive user content at rest and minimize retention of intimate conversation data
  • Harden and pen-test backend infrastructure rather than shipping loosely assembled components
  • Decouple personal identifiers from behavioral/prompt data to limit blast radius of a breach
  • Implement content safeguards and reporting for illegal material such as CSAM
  • Apply strong access controls, monitoring, and breach-detection on all user data stores

Don't Let Your Company Be the Next Case Study

Take our 2-minute quiz to identify your AI risks before they become failures.

Assess Your AI Risks Now →

Most teams can't — find out in 2 minutes

Real AI failures analyzed • Free 2-minute assessment