Cybersecurity researcher Jeremiah Fowler discovered a data leak in an AI image generator tool and informed ExpressVPN. The exposed database was unprotected and held over a million images and videos (1,099,985 records).
Jeremiah Fowler stated that during the investigation, most of the documents he reviewed were pornographic images, including AI-generated or manipulated images of young individuals. These included face-swapped pictures of adults and minors on AI-created bodies. More troubling was the presence of unaltered real images of individuals, likely uploaded without their consent.
The database and its watermarked images were linked to a Silicon Valley company called SocialBook, which provides services for influencers and marketers, including AI tools for image and content generation.
A review of SocialBook’s AI image-generation tool found that it was linked to MagicEdit.app. MagicEdit is available on the Apple App Store, credited to BoostInsider Inc., with support linked to socialbook.io and a copyright by “SOCIALBOOK.” While ownership details are unclear, MagicEdit seems connected to SocialBook, and BoostInsider might be a parent company or related developer. BoostInsider’s LinkedIn page lists offices in California, Beijing, Chengdu, and Shenzhen.
Jeremiah Fowler informed SocialBook and MagicEdit about a security issue, leading to the database being restricted from public access. He received a reply stating: “Thank you for this responsible disclosure. We take this extremely seriously and we are conducting a full investigation into the scope of the exposure.”

MagicEdit is an AI-based image generation tool that allows users to turn text or pictures into various images, including adult content and face-swaps. The App Store notes that it’s for users over 18 and warns of potential sexual content or nudity.
Jeremiah Fowler suggests making social media profiles private to protect personal images from AI misuse, allowing only friends and family to view them. He also advises disabling public access to profile pictures and albums and regularly checking followers to limit who can see your content.
Laws now exist to help individuals facing sextortion or harassment by allowing the removal of nonconsensual images. In the U.S., the Take It Down Act (S.146), signed on May 19, 2025, criminalizes publishing, or threatening to publish, nonconsensual intimate images, including AI-generated “deepfakes.”
