February 24, 2026

AI-Powered App in 25 Countries Exposed: Hackers Access KYC Documents

Vaibhav February 23, 2026
AI-Powered-App-in-25-Countries-Exposed-Hackers-Access-KYC-Documentsdata
Post Views: 11

Data Breach Exposes Personal Info of Millions of Smartphone Users

A recent data breach has exposed the personal information of millions of smartphone users across 25 countries, including the United States.

Source of the Breach

The breach is attributed to two apps available on the Google Play Store, which allegedly failed to secure sensitive user data.

The primary app, Video AI Art Generator & Maker, had accumulated over 8.27 million files on its servers since its launch in June 2023. However, due to a misconfigured cloud storage system, more than 12 terabytes of data, including photos, videos, and AI-generated files, were publicly accessible.

The exposure was not the result of a sophisticated hacking attack, but rather a simple misconfiguration of a Google Cloud Storage bucket linked to the app.

Second App Exposes Sensitive Documents

A second app, IDMerit, allegedly developed by the same entity, also exposed sensitive documents typically used for Know Your Customer (KYC) verification processes.

These documents often include identity proofs, address documents, phone numbers, and other personal information, which are commonly used in banking, fintech, and other financial services.

Cybersecurity experts warn that if such information falls into the wrong hands, it can lead to identity theft, banking fraud, and the creation of fake accounts.

Global Reach and Implications

The data exposure reportedly affected users in nearly 25 countries, including Germany, France, China, and Brazil.

The global reach of the apps has raised concerns about the vulnerability of user data, particularly in the context of rapidly evolving AI-powered applications.

Experts note that not all developers adhere to global cybersecurity standards, making users more susceptible to data misuse if proper safeguards are not implemented.

Best Practices for Users

Users are advised to exercise caution when installing new apps, verifying developer profiles, and checking for official verification badges.

Additionally, users should limit app permissions, carefully review privacy policies, and regularly monitor their bank and digital account activity for suspicious transactions.

Conclusion

In the wake of this breach, it is essential for developers to prioritize data security and implement robust safeguards to protect user information.

As technology continues to advance rapidly, cybersecurity vigilance must keep pace to prevent similar incidents in the future.



About Author

Vaibhav

See author's posts

More Stories

PayPal-Data-Breach-Exposes-Sensitive-User-Information-Cybersecurity-Concerns-Risedata

PayPal Data Breach Exposes Sensitive User Information: Cybersecurity Concerns Rise

Vaibhav February 24, 2026
PayPal-Confirms-Six-Month-Data-Exposure-Due-to-Loan-System-Errordata

PayPal Confirms Six-Month Data Exposure Due to Loan System Error

Vaibhav February 23, 2026
PayPal-Data-Breach-Customer-Information-Exposed-Passwords-Reset-Unauthorized-Transactions-Confirmeddata

PayPal Data Breach: Customer Information Exposed, Passwords Reset, Unauthorized Transactions Confirmed

Vaibhav February 21, 2026

You may have missed

PayPal-Data-Breach-Exposes-Sensitive-User-Information-Cybersecurity-Concerns-Risedata

PayPal Data Breach Exposes Sensitive User Information: Cybersecurity Concerns Rise

Vaibhav February 24, 2026
APT28-Targets-European-Entities-with-Webhook-Based-Macro-Malware-Attacksdata

APT28 Targets European Entities with Webhook-Based Macro Malware Attacks

Vaibhav February 24, 2026
SIM-Swap-Attack-Protect-Your-Bank-Account-from-Network-Disruptiondata

SIM Swap Attack: Protect Your Bank Account from Network Disruption

Vaibhav February 23, 2026
Multiple-Zero-Day-Vulnerabilities-in-PDF-Software-Expose-Users-to-XSS-and-One-Click-Threatsdata

Multiple Zero-Day Vulnerabilities in PDF Software Expose Users to XSS and One-Click Threats

Vaibhav February 23, 2026
Spanish-Police-Arrest-Suspected-Anonymous-Members-Over-DDoS-Attacks-on-Government-Websitesdata

Spanish Police Arrest Suspected Anonymous Members Over DDoS Attacks on Government Websites

Vaibhav February 23, 2026
en_USEnglish
en_USEnglish