Data leak at pornographic AI platform MyLovely.ai

The AI platform "MyLovely.ai" offers the creation of "AI girlfriends", complete with AI image and video generation as well as chats. More than 106,000 users are registered on the platform. Their data fell into the wrong hands during an IT incident and is now available in a darknet forum. The Have-I-Been-Pwned project (HIBP) has integrated the data into its own collection.

This is reported by operator Troy Hunt in a new "Breach" entry. According to the report, the data leak comprises around 106,300 accounts, of which the email addresses have been disclosed. The dataset also includes the AI prompts created by users as well as links to AI images and videos generated from them. In addition, some entries also include usernames from the social networks Discord or X. The entries in the 2.1 GByte database from April 2026 were described as originating from a "JSON Leak".

HIBP: "Sensitive" Data Leak

Hunt has classified the data leak as "sensitive". As a result, it does not appear in the results of the open email search of HIBP. However, users of the service can view in the private dashboard after confirming their email address whether this information has now become public through the data leak.

At the beginning of the year, data from 6.2 million Instagram accounts ended up at the Have-I-Been-Pwned project. Criminals obtained the data through scraping, i.e., by crawling the database and reading data via publicly accessible interfaces. Last May, Hunt also gave the website a massive facelift. The prominent input field for the email address has continued to serve as the basis since then. If the entered address was not found in any data leak, virtual confetti has been flying across the page since then. The dashboard has been available free of charge for private users since then and also allows access to sensitive data leaks. Business customers will also find API access and other services such as domain search there, which, however, require a paid subscription.

(dmk)