An AI image generator startup has been found to have left its database open on the internet, exposing over 1 million images and videos. This vast collection includes a significant number of explicit images, often featuring nonconsensual edits that depict adults and children in nude contexts. Security researcher Jeremiah Fowler identified this data breach in October, noting that the unsecured database was shared among multiple platforms, including MagicEdit and DreamPal. At the time, around 10,000 new images were being added daily.
Fowler’s investigation revealed that the majority of these images were sexually explicit, with some appearing to involve children, where faces of minors were swapped onto nude bodies. He emphasized the serious implications such content has for innocent individuals, particularly minors, as it can result in the creation of sexual material without consent.
This incident is part of a worrying trend where AI tools are being increasingly used for malicious purposes, including the production of explicit imagery. Services utilizing AI for "nudifying" have gained millions of users and generated significant revenue, as a few clicks can result in alarming alterations to photographs, particularly targeting women. Reports of AI-generated child sexual abuse material have also doubled within the past year.
In response to the breach, representatives from DreamX, the company behind the affected platforms, stated that they take these concerns seriously. They claimed that SocialBook, a marketing firm associated with the database, operates independently and does not utilize this storage system. Nevertheless, Fowler’s findings linked the database to SocialBook, indicating the seriousness of the situation.
Following the breach, DreamX ceased access to the exposed database and initiated an internal investigation. The developer also temporarily suspended MagicEdit and DreamPal’s sites and mobile applications to address the issue. As of now, the websites are no longer accessible, returning error messages.
Fowler’s discovery of the database, which contained nearly all pornographic records, has further stirred scrutiny. The U.S. National Center for Missing and Exploited Children has been notified of the situation, demonstrating the collaborative effort necessary to combat such violations.
While the MagicEdit website did not explicitly promote the creation of explicit content, Fowler noted that its App Store rating indicated it was for users over 18. The tools presented on the site often showcased sexualized images, again highlighting a need for better moderation and safeguards against misuse.
Experts, including Adam Dodge of EndTAB, indicate that this incident reflects a broader societal issue where the bodies of women and children are subject to unwanted sexualization, a problem exacerbated by the powers of AI technology. They stress the importance of enforcing robust checks and policies within startups to protect individuals from digital exploitation.
