Digital
Two AI apps exposed 12TB of user data on Google Play
Video AI Art Generator leaked 1.5 million images and 385,000 videos, IDMerit spilled KYC documents across 25 countries.
MUMBAI: AI apps promising magic transformations just pulled off a vanishing act of privacy leaving 12 terabytes of user secrets wide open for anyone to grab. Security researchers have exposed a major data breach tied to two Android apps previously listed on the Google Play Store, highlighting ongoing risks in the rush to deploy AI-powered tools. The first, Video AI Art Generator & Maker from developer Codeway, surpassed 500,000 installs and amassed over 11,000 reviews before the flaw was uncovered.
A misconfigured Google Cloud Storage bucket left the entire media library unprotected no authentication required. Forbes-cited analysis revealed more than 1.5 million user-uploaded images, over 385,000 videos, and millions of AI-generated files, totalling 12TB or 8.27 million items collected since the app launched on 13 June 2023. The app has since been removed from public search on the Play Store.
The problem didn’t stop there. Researchers found a similar exposure in Codeway’s second app, IDMerit, which handled Know Your Customer (KYC) verification. Leaked data included identity documents, addresses, phone numbers, and other personal details used for financial and onboarding processes. The breach impacted users in the United States and at least 25 other countries, including Germany, France, China, and Brazil. Codeway reportedly secured the IDMerit bucket on 3 February 2026.
Investigators traced the root cause to a common and dangerous practice, hardcoding sensitive credentials passwords, API keys, encryption secrets directly into app source code. Automated bots scanning public repositories can snatch these in seconds. Cybernews researchers noted that 72 per cent of analysed Play Store apps exhibited similar vulnerabilities.
The incidents serve as a stark reminder for users, AI-editing tools and identity-verification apps from lesser-known developers can carry hidden risks. Security experts recommend checking a developer’s track record, looking for Google’s “Verified Developer” badge, carefully reviewing requested permissions, and avoiding uploads of sensitive documents unless absolutely necessary.
In an era where AI promises to create, edit, and verify almost anything, these leaks show that the real risk isn’t always the tech failing, it’s the shortcuts developers take when rushing it to market.
Digital
OpenAI’s Stargate lead Peter Hoeschele exits with two senior leaders
Trio behind compute push set to join new startup amid leadership reshuffle
SAN FRANCISCO: Peter Hoeschele, a key figure behind OpenAI’s early Stargate data centre initiative, has exited the company, according to a report by The Information.
The departure is part of a broader leadership shift, with two other senior executives, Shamez Hemani and Anuj Saharan, also set to leave in the coming days. All three are expected to join the same new startup, although details about the venture remain under wraps.
The trio played a central role in OpenAI’s Stargate effort, an initiative aimed at building large-scale data centre capacity in-house to reduce reliance on external infrastructure providers. Their exits mark a notable moment for the company’s compute strategy as it continues to scale rapidly.
OpenAI spokesperson said in a statement to The Information, “We’re grateful for the contributions Peter, Shamez, and Anuj have made to OpenAI and wish them the very best in what comes next.” The company also pointed to the recent appointment of Sachin Katti to lead its industrial compute organisation, signalling continuity in its infrastructure roadmap.
OpenAI has indicated that it does not plan to directly replace Hoeschele’s role, suggesting a possible restructuring of responsibilities within the team.
As competition intensifies in the race to build next-generation AI systems, leadership changes in core infrastructure teams are likely to draw close attention. For now, the spotlight shifts to what this departing trio builds next, and how OpenAI adapts as it scales its ambitions.
